
BOVPN over TLS not recognised as Any-BOVPN by rules

Hi All, I wonder if any of you have come across this before?

We have lots of BOVPNs and some rules for the incoming/outgoing traffic to them - we never really use the "Allow all traffic over this tunnel" setting. The rules simply specify "Any-BOVPN" as either the source or destination, depending on the direction of flow.

Today, we created a TLS BOVPN, set up as usual. The tunnel came up and we could successfully pass ICMP traffic over the tunnel - our "Ping" rule is pretty lax except from any external.

However, we then noticed none of our rules using Any-BOVPN were passing the traffic, and the WSM traffic monitor was showing Denies, Unhandled Packet for the traffic.

After some double checking, we couldn't solve it but worked around it easily by additionally adding the tunnel in question to the source and destination. Luckily we only have one TLS tunnel at present so it's not too much of an issue.

My question is: has anyone seen this, or is it a bug I can't find listed? It's a bit odd given the TLS tunnel is supposed to be BO and not just SSLVPN.

Regards

Darrin.
