Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Joseflorez
Contributor

I cannot access to portal ssl network extender

Jump to solution

Hi 

I am having problems when trying to load the SSL Network Extender portal of one of the firewalls that I administer, I have compared the general configuration of IPsec and Remote Access of another firewall that works correctly and is the same configuration. What would you recommend me to review specifically?

The authentication method is Legacy so I don't have certificates

0 Kudos
1 Solution

Accepted Solutions
the_rock
Advisor

Hey D,

I did remote session with Jose and helped him fix it. All it was is that in gaia portal, if you change port to non-standard, it changes option "according to policy", so then explicit rule is needed to allow access externally. If you just need it internally, then changing port to 4434 fpr example works for Gaia and also works on port 443 for snx. So Jose was fine with that and now he knows what to do in case they need to allow it on external interface. Thanks as always!

Andy

View solution in original post

13 Replies
Joseflorez
Contributor

i have disabled the blade mobile access, everything had worked so far with ipsecVPN

0 Kudos
PhoneBoy
Admin
Admin

What version/JHF level?
Are you referring the Mobile Access portal or the SNX portal (which is used to allow download of the SNX client when MAB is not used)?
Screenshot of what you see when you access the portal?

0 Kudos
Joseflorez
Contributor

Hi PhoneBoy

HOTFIX_R80_10_JUMBO_HF Take: 279

I refer this portal SSL Network Extender, This is how it should work

0 Kudos
Joseflorez
Contributor

Hi PhoneBoy

HOTFIX_R80_10_JUMBO_HF Take: 279

I refer this portal SSL Network Extender, This is how it should work

SSL NE.PNG

but when i try to the load of url by  other gateway appear this form

Error ssl.PNG

 

 

0 Kudos
PhoneBoy
Admin
Admin

Do you have an explicit rule in your access policy to allow this connection?

As a separate issue I recommend upgrading from R80.10 since it will be officially End of Support in the next few months.

0 Kudos
Joseflorez
Contributor

No, i dont have an explicit rule to allow this connection. This connection do match with the implied rule, and now see an drop

Drop.PNG


How could I allow the connection? Could this have any repercussions? Modify the implied rule

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
Joseflorez
Contributor

When i do this SK, now i can to access, but to gaia portal not portal SSL Network Extender to connect to VPN. What else can I do?

0 Kudos
the_rock
Advisor

Hey D,

I did remote session with Jose and helped him fix it. All it was is that in gaia portal, if you change port to non-standard, it changes option "according to policy", so then explicit rule is needed to allow access externally. If you just need it internally, then changing port to 4434 fpr example works for Gaia and also works on port 443 for snx. So Jose was fine with that and now he knows what to do in case they need to allow it on external interface. Thanks as always!

Andy

View solution in original post

PhoneBoy
Admin
Admin

Nice work 🙂

0 Kudos
the_rock
Advisor

As soo as I saw your response, first thing that popped into my head was possibility of MA and gaia portal using same port number. PLEASE ENSURE they are different and then push the policy and let us know.

Andy

0 Kudos
the_rock
Advisor

Hang on...so what port is your Gaia portal now? Message me offline, lets do remote session, I want to see this. Something does not make sense.

Andy

Joseflorez
Contributor

my port gaia now is 4434 but the 443 still works, where would the remote session be? 

0 Kudos