Access to external Website with outgoing static IP from company

VGBHVGBH
in Firebox - VPN Mobile User

Our company employees need to visit an external website. The website can be accessed from anywhere, but login is only possible with the company's outgoing static IP address.
The option “Route all client traffic through the tunnel” is disabled for SSL VPN users. Is it possible to route only the traffic for this website via VPN so that the website is visited via the company's static IP?

Comments

  • Bruce_BriggsBruce_Briggs

    Try adding the web site IP addr to the SSLVPN allowed resources list.

  • VGBHVGBH

    Thanks, this works. I can´t add the IP but the whole subnet. After this I create a HTTPS policy.
    Would this also work as Reverse Proxy application in the AcessPortal?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @VGBH
    You can add a single IP as a /32

    The reverse proxy could potentially work, provided the website is compatible with it.

    -James Carson
    WatchGuard Customer Support

  • Bruce_BriggsBruce_Briggs

    /24 also works, at least in WSM Policy Manager - where I tried it.

    1.2.3.4/24

  • VGBHVGBH

    @james.carson said:
    @VGBH
    You can add a single IP as a /32

    The reverse proxy could potentially work, provided the website is compatible with it.

    Thanks, it worked!

    How could I do it for Access Portal as Web-Application?
    I create a reverse proxy entry for this website with the following settings but a login is not possible. Is there anything else, what I have to configure?

    external site: example.com
    internal site: example.com
    [x] Trust Certificate

    URL Path Mapping
    From and To: /abc
    Authentication: Access Portal
    Forward credentials: no (The credentials are different)

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @VGBH I'm not sure what exactly you mean by web application. If you're looking for the Access Portal to render the page in a frame it won't do this for reverse proxy.

    -James Carson
    WatchGuard Customer Support

  • VGBHVGBH

    @james.carson said:
    Hi @VGBH I'm not sure what exactly you mean by web application. If you're looking for the Access Portal to render the page in a frame it won't do this for reverse proxy.

    I try to create a Web-Application (Type) in Access Portal. Like the SSL-VPN user, the Access Portal user also need access to the external Website with the outgoing static IP from the company. This is needed because this external website has a whitelisting and you can only login from the external company ip address.

    Would these somehow possible to configure?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @VGBH
    A reverse proxy action in the access portal can work in that situation, but you'll need to ensure that users can access the site via both the URL configured in the access portal and the actual URL. This generally requires that you have control over the site's DNS.

    If the external site isn't yours, one of the VPNs will be the best way to accomplish this.

    -James Carson
    WatchGuard Customer Support

  • VGBHVGBH

    Thanks for the explanation. The users have access to the website via access portal, vpn and www. This website is not from us and I have no access over the DNS. So VPN it is. Have a nice weekend.

Sign In to comment.