HTTPS-Proxy breaks SSL-VPN and vice-versa
When we have our HTTPS-Proxy policy (with Domain Name Rules On) above the SSL-VPN policy, the SSL-VPN client cannot connect.
When the SSL-VPN policy is above the HTTPS-Proxy policy, the HTTPS-Proxy policy is also ignored.
HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow.
It seems the SSL-VPN should come after the HTTPS-Proxy policy.
Any ideas of what I might need to change?
Comments
-
Is my only option to change the SSLVPN port?
0 -
Or have a 2nd public IP addr
0 -
What is the purpose of "HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow."?
Are you running your own web server behind the Firebox?
Gregg Hill
0 -
I'm facing the same situation. We were running an HTTP web server behind a Firebox but now we need to add HTTPS on this server.
Is it possible to filter domains with HTTPS-Proxy-Content and allow connection for VPN SSL all on the same 443 port?
0 -
This might work if the To: field is Firebox.
Then you can add a domain entry for your internal HTTPS server and specify the IP addr of it. I have not seen anyone indicate that they have tried this.
Normally one uses a SNAT on the To: field, so that might be the killer here.
0 -
Another option is to use a different port for SSLVPN access.
0
