Ruijie Community

Title: How to Configure the Firewall to Support SSL VPN Gateway in Transparent Mode

Author: zhangqiao@ruiji    Time: 2024-8-22 11:23
Applicable Versions

RG-WALL-Z series firewalls running NTOS1.0R9 or earlier
Requirements
The firewall works in transparent mode and is deployed behind the egress device. The SSL VPN function needs to be enabled on the firewall.
Topology

Configuration Notes
1. Use the IP address of the bridge interface on the firewall as the IP address of the SSL VPN dialer interface, and add the bridge interface to the Trust zone.
2. Configure IP address mappings for bridge interfaces on the egress device for both TCP and UDP services.
3. Create an SSL VPN gateway and use the IP address of the bridge interface as the address of the SSL VPN dialer interface. To pass the SSL VPN IP address security check, also add to the gateway the mapped IP address and port number that the egress device uses for the bridge interface IP address.
4. Perform other SSL VPN configurations.
Configuration Procedure

1. Select a bridge interface and add it to the Trust zone. In this example, select br0 and set its IP address to 192.168.111.107/24.


2. On the egress device, configure the mapping relationship for 192.168.111.107 for both TCP and UDP services. Ensure that the mapped port matches the port number used by the firewall and SSL VPN (default port number is 8443).

3. Create an SSL VPN gateway and set the gateway address. Configure both the br0 address and the public IP address mapped to the EG. Configure the remaining parameters properly. In this example, the public IP address is 10.52.48.205.
Note: A public IP address and a bridge interface are required because the firewall checks whether the destination IP address in SSL VPN request packets matches the firewall's IP address. To bypass this check temporarily, you need to configure both the public IP address and the bridge interface. In the R9 version, only the public IP address needs to be configured.


Verification
After completing the configuration, use the SSL VPN client to dial up and select the public IP address as the destination.






