HTTPS-Proxy breaks SSL-VPN and vice-versa

When we have our HTTPS-Proxy policy (with Domain Name Rules On) above the SSL-VPN policy, the SSL-VPN client cannot connect.
When the SSL-VPN policy is above the HTTPS-Proxy policy, the HTTPS-Proxy policy is also ignored.

HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow.

It seems the SSL-VPN should come after the HTTPS-Proxy policy.
Any ideas of what I might need to change?

Comments

  • Is my only option to change the SSLVPN port?

  • Or have a 2nd public IP addr

  • edited April 2022

    What is the purpose of "HTTPS-Proxy is from Any-External to SNAT with a Proxy Action set to inspect Domain Names on a pattern match, with the default action being Allow."?

    Are you running your own web server behind the Firebox?

    Gregg Hill

  • I'm facing the same situation. We were running an HTTP web server behind a Firebox but now we need to add HTTPS on this server.

    Is it possible to filter domains with HTTPS-Proxy-Content and allow connection for VPN SSL all on the same 443 port?

  • This might work if the To: field is Firebox.
    Then you can add a domain entry for your internal HTTPS server and specify the IP addr of it.

    I have not seen anyone indicate that they have tried this.
    Normally one uses a SNAT on the To: field, so that might be the killer here.

  • Another option is to use a different port for SSLVPN access.
