get sslvpn interface when trying to access web server

We have a web server we are trying to access from the internet. We have a rule configured to allow traffic from outside, through port 443, to the internal IP of the web server. Instead of getting the website, we get the SSLVPN login interface. This occurs with both the domain name and our external IP address.

I am not the admin of this, but I was given permission to go in and look around. I noticed that the SSL-VPN/WG-VPN-Portal 443:tcp
and the rule forwarding to our web server is:
Websecure any <ext. IP> --> <int. IP>. tcp:1433, tcp:1433, udp:1434, udp:1434
Should this rule have port 443 and not 1433?

Comments

  • edited March 2019

    Yes, if the goal is to access your web site without appending :1433 to the URL.
    How many public IP addrs do you have?
    If just 1, then only 1 access can happen from the Internet to your firewall over TCP 443. So your site would need to decide if SSLVPN or the web site should use TCP port 443 and the other access to use a different port, such as TCP port 1433.
    If more than 1, then make sure that the web site access policy is for TCP port 443, and that it is above the WatchGuard SSLVPN policy.

  • edited March 2019

    We have 5 static IPs.
    All 5 IPs route me to the SSL-VPN login. We have one in the DNS that is for www.our_domain.com
    IP1 and IP2 are primary and backup for the Firebox. IP3 is in the firewall rules to allow tcp:1433 traffic to web server (www.our_domain.com). IP4 & 5 are not officially in use, but when entering them, it takes me to the SSL-VPN login.

  • As I posted above:
    If more than 1, then make sure that the web site access policy is for TCP port 443, and that it is above the WatchGuard SSLVPN policy
