GUI client unable to access R80.10 management server behind firewall

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi,

I'm hoping someone could offer help how to solve a problem with having trying to access an R80.10 management server's private address behind R80.10 firewall with GUI client and failing. The setup is in Azure but I don't think that's the problem here since you can login via SSH to the server and HTTPS to the GAiA via same address.

GUI client -----> FW<----VPN---> R80.10 FW ----> R80.10 Mgmt Server

Checking the logs the packet from GUI client are logged in implied rule level and passing through the firewalls, and with fw monitor you can see the packets passing the R80.10 firewall and return packets from the management server truing to head back to the client, but the return packets get dropped because they are not SYN packets. It seems that there isn't any session associated with that initial passed packet and thus the return packets get dropped?

When checking the implied access control connection rules settings the only option is to disable them, you can't change order from the "First" to anything else.

Any idea how to allow access for GUI clients to the internal address with out disabling the implied rules and recreating them by hand?