Access Portal Interface/IP Binding option

Hello.

Could there be an Access Portal interface/IP address binding option available?

Right now it seems it always binds to the first trusted interface IP.
If people need Access Portal traffic to have a different source they need to jump through some NAT or Policy hoops to make it happen.
Why can't there be a simple bind option to any available/configured interface/IP?

Thank you.

Comments

  • james.carson Moderator, WatchGuard Representative

    @IHCS Access portal binds to and uses the same IP as SSLVPN and uses the WatchGuard SSLVPN policy for access to the firewall.

    Hiding/removing that policy would remove the ability to customize how that service behaves. The firewall creates a default policy when the access portal or SSLVPN is enabled that works for most customers.

    -James Carson
    WatchGuard Customer Support

  • Hi James,

    I was referring to the Access Portal 'internal' interface binding, i.e. the source of RDP/SSH/HTML connections. Not the external interface that external users connect to.

    Regards,

  • james.carson Moderator, WatchGuard Representative

    @IHCS
    Internally, traffic is handled by the any-from-firebox rule, which is hidden.

    (About Policies for Firebox-Generated Traffic)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policies_firebox_generated_traffic_about.html

    In order to push the traffic from a different IP internally you'd need to make a rule above the any-from-firebox rule, and set source IP to something else.

    Generally, the source IP will be the gateway IP for that specific network (and is also the IP the firebox owns on that network.) Making a simple interface where you can drop in an IP would severely limit what other customers are able to do here (for example, setting different rules for different interfaces.)

    -James Carson
    WatchGuard Customer Support
