Ruijie Community

Title: SSL VPN client app connected to Firewall [Print this page]

Author: clint.thebus@pr Time: 2024-11-11 19:22
Title: SSL VPN client app connected to Firewall
Edited by Clint Thebus at 2024-11-11 19:22

Good Day,
I have a Z3200-S firewall that is running in transparent mode on the network. I have SSL VPN client working fine via the App.
My question is, if i have URL blocking and website blocking enabled on the firewall and specific policy rules, does these rules and policies not apply for the remote VPN user?
I have tested and it does not follow any URL blocking.

eg. the below policy rules like blocked websites etc.

Author: guominxiang@rui Time: 2024-11-11 21:23
Hello,

Can you enable this SSL Proxy Policy and test it again ?

If you still have issue pls talk with me again.
I would be glad to help you in Community.

Best regards,

Micca

Author: clint.thebus@pr Time: 2024-11-12 22:45

GTAC-Micca replied at 2024-11-11 21:23
Hello,

Can you enable this SSL Proxy Policy and test it again ?

Hi GTAC-Micca,
I have enabled the SSL Proxy policy and still i can go to any of the websites that i have in the blocked URL filtering.
Also i noticed that i can ping any of the local IP addresses on the router and can only get to the router ip address remotely 192.168.110.1, but i cant get to a printer. I can ping the printer.
I cant also get to the firewall via its local IP address.

The SSL Policy Src (ippool_VPN) is the ip pool that i get from the SSL VPN

Author: clint.thebus@pr Time: 2024-11-14 14:28

Clint Thebus replied at 2024-11-12 22:45
Hi GTAC-Micca,
I have enabled the SSL Proxy policy and still i can go to any of the websites that ...

OK,
I can now get to all the devices on the local network. I needed to create a Nat Rule for the SSL VPN.
My new question is,
How do i get the remote user to display the same public IP address as the Office and not his personal ISP public IP?

Author: guominxiang@rui Time: 2024-11-15 09:51

Clint Thebus replied at 2024-11-14 14:28
OK,
I can now get to all the devices on the local network. I needed to create a Nat Rule for the S ...

Hello,

I'm sorry that based on the current information, I can't provide detailed troubleshooting steps for the time being. We need more information from you.
Can you show me a screenshot of the specific location of the requirements you mentioned?

Best regards,
Micca

Author: clint.thebus@pr Time: 2024-11-15 12:54

GTAC-Micca replied at 2024-11-15 09:51
Hello,

I'm sorry that based on the current information, I can't provide detailed troubleshooting ...

Hi Micca,
I managed to get everything working. When creating the SSL Gateway, i changed it from Split tunnel to Full tunnel.
Then i has to create a static route on the Router for the SSLVPN's IP address range and using the Firewall's IP address as the next hop. Then create another static route on the firewall with the router as the next hop.
This fixed the issue. Now i display the public IP from the firewall and im blocked as per the policies on the firewall.

Thank you for your help.

Author: liuxiyang@ruiji Time: 2024-11-15 12:58

Clint Thebus replied at 2024-11-15 12:54
Hi Micca,
I managed to get everything working. When creating the SSL Gateway, i changed it from Sp ...

Hi Clint Thebus,

Thanks for your kind reply! I am glad to be of assistance. If you encounter any problems, please don’t hesitate to contact us!

Best regards,
Steve

Author: clint.thebus@pr Time: 2024-11-15 14:40

GTAC-Steve replied at 2024-11-15 12:58
Hi Clint Thebus,

Thanks for your kind reply! I am glad to be of assistance. If you encounter any ...

Thanks Steve

Welcome to Ruijie Community (https://community.ruijienetworks.com/)