This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SdanteMate
Contributor
‎2021-05-12 01:26 AM

SSL Webapp

Dear mates

 

I create one webapp on ssl vpn. The thing is that I use the SSL VPN to connect on internal local but the host is on Azure that I have another site to site VPN with the internal net.

 

It seems that I can not access the webapp this way.

Can you assist me?

 

Thank you.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-05-14 03:10 PM

So you're trying to access a web application from your gateway that is only available from a site-to-site VPN?
What are you connecting to at the other end of the VPN?
Is it configured to allow traffic from the gateway itself as a source (i.e. as part of the Encryption Domain or equivalent)?

0 Kudos
SdanteMate
Contributor
‎2021-05-16 10:44 PM
In response to PhoneBoy

Hi PhoneBoy, Thank you for the reply.

Yes, I'm trying to access through SSL vpn a host on azure that is connecting from a site-to-site.

It's machine that hosting a website.

Please note that with ipsec vpn, i can access the website.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-16 10:56 PM
In response to SdanteMate

What is hosting the IPSec VPN at the Azure end?
And is it configured to allow encrypted traffic that originates from the gateway's external IP?

0 Kudos
SdanteMate
Contributor
‎2021-05-16 11:21 PM
In response to PhoneBoy

Yes, the VPN is hosting by the checkpoint appliance and the Azure virtual gateway object. Also i notice that when I'm trying to access the web from SSL VPN. I'm not getting any logs on my checpoint gw

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-17 01:44 PM
In response to SdanteMate

The connection is probably being allowed from the gateway itself via an implied rule.
However, the remote end must be explicitly configured to allow a connection from the gateway's external IP.
I don't remember what they refer to it as on the Azure side, but it would be equivalent to the Encryption Domain on the Check Point side.
Although this would not be required on the Check Point side since the gateway IPs are always included in the Encryption Domain without explicitly being configured. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top