This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Gaurav_Pandya
Advisor
‎2018-01-03 03:30 AM

Mobile Access Default Route

Jump to solution

Hi All,

I am implementing Mobile access blade for one of the customer. All the features like, LDAP integration, Compliance check for endpoint security has been done successfully.

Now the requirement is that when user connects to Mobile access SSL VPN, he must use corporate Internet, means all routes gateway should be Corporate firewall and split tunneling feature should be disabled.

I have followed sk31873 and configured GUIDBedit from "route_all_client_traffic_to_connectra" = True

Now I am getting all the routes and also security policy is in place for Office_Pool but still I am unable to browse internet.

In tracker, I am getting below error.

Need expert advise. 

Reply
1 Solution

Accepted Solutions
Gaurav_Pandya
Advisor
‎2018-01-10 07:35 AM

Jump to solution

Hi All,

Finally Issue is resolved by creating new Native application with "Internet Ranges" and apply to Mobile access Rule.

  1. Select 'Applications > Native Applications'.
  2. Click 'New'. Select 'Authorized Locations'.
  3. Click 'Address Range' and type in the range "0.0.0.1 - 255.255.255.254". Click 'Save'.

View solution in original post

Reply
5 Replies
PhoneBoy
Admin
Admin
‎2018-01-04 07:47 AM

Jump to solution

Have you followed the advice in this SK? 

"Encryption Failure: according to the policy the packet should not have been decrypted" log in Smart... 

Reply
Gaurav_Pandya
Advisor
‎2018-01-04 08:15 AM
In response to PhoneBoy

Jump to solution

Hi,

This article is more related to IPsec VPN. I am using Mobile access SSL VPN.

I have also checked that the Office mode IP (Office_pool) is not part of encryption domain.

Reply
Gaurav_Pandya
Advisor
‎2018-01-10 07:35 AM

Jump to solution

Hi All,

Finally Issue is resolved by creating new Native application with "Internet Ranges" and apply to Mobile access Rule.

  1. Select 'Applications > Native Applications'.
  2. Click 'New'. Select 'Authorized Locations'.
  3. Click 'Address Range' and type in the range "0.0.0.1 - 255.255.255.254". Click 'Save'.

View solution in original post

Reply
Jerry
Leader
Leader
‎2019-05-23 07:43 AM
In response to Gaurav_Pandya

Jump to solution

now under R80.30 I've got similar issue

my MAB was working like a charm till ... R80.30 upgrade

my MAB Apps are just few plus Internet (done via Native 0.0.0.1-255.255.255.245) also in place

however, I do have an issue with only one little thing (all things works like a charm and I have not a single reason to complain) except ...

 

my IMAPS does not work with GMail.google.com when connected via EPS for Windows (E.80.96-E81.00).

 

just IMAPS with GMail does not work (native MS Outlook client) - all the rest works ie. Exchange Server to O365 etc.

 

my complete package contains all communication channels VIA MAB so all-gateway-mode not a SPLIT-TUNNEL, however all seems to be working just fine except ... GMail IMAPS (tcp).

just so you know I've made an exception no IPS/ThreatPrevention in order to facilitate src/dst with IMAPS ports.

still no go

 

I was just wondering whether any of you guys experienced such thing or ... would rather not use MAB for both (LAN/WAN) at the same time? 😛

 

thanks in advance for all your hints

 

ps. what do you think mate @PhoneBoy & @_Val_ ?

Jerry
0 Kudos
Reply
Jerry
Leader
Leader
‎2019-05-23 07:52 AM
In response to Jerry

Jump to solution

sorry guys, my bad, please remove my previous post 😞 shame but I found a reason not related to CP but bloody Win10 Firewall ... 

Jerry
0 Kudos
Reply