How to Configure the Firewall to Support SSL VPN Gateway in Transparent Mode

GTAC-Sophia

Level 5

Ruijie Staff

714 1 2024-8-22 11:23:06
Original
Applicable Versions

RG-WALL-Z series firewalls running NTOS1.0R9 or earlier
Requirements
The firewall works in transparent mode and is deployed behind the egress device. The SSL VPN function needs to be enabled on the firewall.
Topology

Configuration Notes
1. Use the IP address of the bridge interface on the firewall as the IP address of the SSL VPN dialer interface, and add the bridge interface to the Trust zone.
2. Configure IP address mappings for bridge interfaces on the egress device for both TCP and UDP services.
3. Create an SSL VPN gateway and use the IP address of the bridge interface as the address of the SSL VPN dialer interface. To pass the SSL VPN IP address security check, add the mapped IP address and port number corresponding to the bridge interface IP address on the egress device in the gateway.
4. Perform other SSL VPN configurations.
Configuration Procedure

1. Select a bridge interface and add it to the Trust zone. In this example, select br0 and set its IP address to 192.168.111.107/24.


2. On the egress device, configure the mapping relationship for 192.168.111.107 for both TCP and UDP services. Ensure that the mapped port matches the port number used by the firewall and SSL VPN (default port number is 8443).

3. Create an SSL VPN gateway and set the gateway address. Configure both the Br0 address and the public IP address mapped to the EG. Configure the remaining parameters properly. In this example, the public IP address is 10.52.48.205.
Note: A public IP address and a bridge interface are required because the firewall checks whether the destination IP address in SSL VPN request packets matches the firewall's IP address. To bypass this check temporarily, you need to configure both the public IP address and the bridge interface. In the R9 version, only the public IP address needs to be configured.


Verification
After completing the configuration, use the SSL VPN client to dial up and select the public IP address as the destination.


RG-WALL Z Series

Configuration Firewall
0 2024-11-6 01:10:25
Good Day,
Will the remote users connected via the SSL VPN also follow the same policy rules on the firewall as the local users?
e.g. the below policy rules like blocked websites etc.


