SSL VPN Problem Connection


Hello at All, i have a problem with a customer, and i didn't understand how i can resolve this.

The customer have a USG FLEX 50 that use also for SSL_VPN Connection (and also us use sometimes for troubleshooting) and there is some strange behaviour:

The USG FLEX 50 have this firmware: V5.35(ABAQ.0)

There is a LAN Navigation between router and WAN's Firewall Interface.
ROuter have LAN IP192.168.3.1


All works correctly, except SSL_VPN.

I have set a SSL_VPN with port 8443:

The SSL_VPN Set is correctly:

The VPN GROUPS contain our User "TECNICI".

I have set a Subnet in Address for the VPN USER.

Also i have add port 8443 to this policy:

On the router, i have correctly add a port forwarding (not masquerade), on external port 8443, on internal port 8443 of firewall (the Router is a simply TP-LINK)

The behaviour is: One time maybe the VPN works, only one time… after, the SecuExtender doesn't do anything (try quit and open again, reboot, ecc) and in the logHelper i can see only:

[ 2023/03/23 08:43:59 ][SecuExtender Helper] Get netsh path = powershell
[ 2023/03/23 08:43:59 ][SecuExtender Helper] Set-NetIPInterface -InterfaceAlias "Ethernet 6" -InterfaceMetric 30
[ 2023/03/23 08:43:59 ][SecuExtender Helper] ZyShellExecute start.
[ 2023/03/23 08:44:00 ][SecuExtender Helper] ZyShellExecute WaitForSingleObject() result = 0
[ 2023/03/23 08:44:01 ][SecuExtender Helper] GetExitCodeProcess
[ 2023/03/23 08:44:01 ][SecuExtender Helper] lpszFile = powershell, lpszParam = Set-NetIPInterface -InterfaceAlias "Ethernet 6" -InterfaceMetric 30, dwExitCode = 1, dwError = 0
[ 2023/03/23 08:44:01 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2023/03/23 08:44:01 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2023/03/23 08:44:01 ][SecuExtender Helper] Shutting down a pipe connection instance...

My doubt was also the NAT on the router, but if i put a simply rule of NAT, like the same post up, for example from 10443 to 443 (for achieve the Web Interface of firewall from extern) works well.

There is some configuration that i missing?

All Replies

Security Highlight