Options
Access Portal Interface/IP Binding option
Hello.
Could there be an Access Portal interface/ip address binding option available?
Right now it seems it always binds the the first trusted interface IP.
If people need Access Portal traffic to have a different source they need to jump through some NAT or Policy hoops to make it happen.
Why can't there be a simple bind option to any available/configured interface/IP?
Thank you.
0
Sign In to comment.
Comments
@IHCS Access portal binds to and uses the same IP as SSLVPN and uses the WatchGuard SSLVPN policy for access to the firewall.
Hiding/removing that policy would remove the ability to customize how that service behaves. The firewall creates a default policy when the access portal or SSLVPN is enabled that works for most customers.
-James Carson
WatchGuard Customer Support
Hi James,
I was referring to the Access Portal 'internal' interface binding, ie the source of RDP/SSH/HTML connections. Not the external interface that externals users connect to.
Regards,
@IHCS
Internally, traffic is handled by the any-from-firebox rule, which is hidden.
(About Policies for Firebox-Generated Traffic)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policies_firebox_generated_traffic_about.html
In order to push the traffic from a different IP internally you'd need to make a rule above the any-from-firebox rule, and set source IP to something else.
Generally, the source IP will be the gateway IP for that specific network (and is also the IP the firebox owns on that network.) Making a simple interface where you can drop in an IP would severely limit what other customers are able to do here (for example, setting different rules for different interfaces.)
-James Carson
WatchGuard Customer Support