
Enable SNX on Cluster

Question asked by Joshua Snider on May 1, 2018
Latest reply on May 18, 2018 by Joshua Snider

Hey all,

I'm trying to enable mobile access on our HA (active/passive) cluster to be able to use SNX.  Right now I'm stuck on just getting the web page with the user/pass field.  Our topology looks something like this (w/ IPs changed)

Computers on the internal networks can open a webpage to 192.168.0.5 with the expected portal. But I want remote users on the public internet to be able to access the portal page. So I created a DNS entry vpn.ourdomain.com to resolve to a public IP address, and during the first-time setup wizard I told the portal to use that FQDN. I created access control rules to allow users to access both the private IP (192.168.0.1/2/5) and the public address resolving from vpn.ourdomain.com. When I'm at my home computer, I can resolve the name entry fine, but I cannot access the portal web page.

I'm thinking I have to configure the public IP on the firewall cluster, but I've no idea how to do that.  Anytime I go into Cluster Object > NAT > Advanced & tell it to statically xlate to the public IP address, I get a verification error saying the cluster cannot xlate its own address.

I've tried static NAT rules up the wazoo but nothing seems to be working. I'm hoping that we don't have to change the bonded VIP to a public address b/c we'd have to rework our connection btw the firewall and edge router & burn some IPs, but if that's what we have to do then I guess we do have a maintenance window coming up...

Any ideas? I'm sure I'm missing something stupid.

Also, first real use and post to CheckMates, so I'm excited there's this community here!
