HTTPS-Proxy breaks SSL-VPN and vice-versa
When we have our HTTPS-Proxy policy (with Domain Name Rules On) above the SSL-VPN policy, the SSL-VPN client cannot connect.
When the SSL-VPN policy is above the HTTPS-Proxy policy, the HTTPS-Proxy policy is also ignored.
HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow.
It seems the SSL-VPN should come after the HTTPS-Proxy policy.
Any ideas of what I might need to change?
Comments
Is my only option to change the SSLVPN port?
Or have a 2nd public IP addr?
What is the purpose of "HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow."?
Are you running your own web server behind the Firebox?
Gregg Hill
I'm facing the same situation. We were running an HTTP web server behind a Firebox but now we need to add HTTPS on this server.
Is it possible to filter domains with HTTPS-Proxy-Content and allow connections for VPN SSL, all on the same 443 port?
This might work if the To: field is Firebox.
Then you can add a domain entry for your internal HTTPS server and specify the IP addr of it.
I have not seen anyone indicate that they have tried this.
Normally one uses a SNAT on the To: field, so that might be the killer here.
Another option is to use a different port for SSLVPN access.