Flex 200 and public web server

CRP0499 Posts: 16  Freshman Member
edited May 2023 in Security

I have a new Flex 200 and it's all set up and configured. I have NAT/Sec Policies for SIP and SSH working as expected, but I can't get Remote Desktop Services and a WEB server accessible from the outside. Note - the RDS is coming in on a different public IP than the web server so I have NAT policies for each of the two IPs sending that traffic to their respective private servers.

I created address objects and wrote NAT policies and Security Policies for the WEB server and I can't access it externally.

The Flex is managed on 8443 so I don't think that's my issue. I'm getting a

Match default rule, DNAT Packet, DROP

error in the log. It's for a Security Policy so I'm thinking I'm missing something in the sec pol, but I can't figure out what it is.

Anyone have any ideas?

Thanks

New INFO: If I switch the default rule to allow, I get an error that I've exposed the mgt interface and the SSLVPN to access from the internet so I'm pretty sure it has something to do with that.

Accepted Solution

  • PeterUK
    PeterUK Posts: 2,856  Guru Member
    edited May 2023 Answer ✓

    Maybe you need to change the SSLVPN port too? VPN > SSL VPN > Global setting tab

    You then need Policy Control from WAN to LAN.

All Replies

  • CRP0499
    CRP0499 Posts: 16  Freshman Member

    SSLVPN is already set to 9443 and I do have a policy set to allow https traffic on the public IP directed to the web server.

  • CRP0499
    CRP0499 Posts: 16  Freshman Member

    I added the WAN to LAN1 policy and it's working. Thank you.
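
The behaviour discussed in this thread, as an added example that is not part of the original posts and not Zyxel code: a simplified Python model of why a NAT policy alone ends in "Match default rule, DNAT Packet, DROP", and why a narrow WAN to LAN1 allow rule is safer than switching the default rule to allow. It assumes policies are checked first-match against the translated destination and its zone; the addresses, rule name and `evaluate` function are constructed for illustration.

```python
# Simplified model (an assumption, not Zyxel firmware logic): DNAT rewrites the
# destination first, then security policies are checked first-match by zone.
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses: public IPs from a documentation range, private LAN1 host.
PUBLIC_WEB, WEB_SERVER, FIREWALL = "203.0.113.10", "192.168.1.20", "203.0.113.1"
DNAT = {(PUBLIC_WEB, 443): (WEB_SERVER, 443)}       # NAT policy for the web server
ZONE_OF = {WEB_SERVER: "LAN1", FIREWALL: "ZyWALL"}  # ZyWALL zone = the firewall itself


@dataclass
class Policy:
    name: str
    src_zone: str
    dst_zone: str
    dst_ip: Optional[str]    # None matches any address
    dst_port: Optional[int]  # None matches any port
    action: str


def evaluate(dst_ip, dst_port, policies, default_action="DROP"):
    """Return (action, matched rule name) for a packet arriving from WAN."""
    dnat = (dst_ip, dst_port) in DNAT
    if dnat:
        dst_ip, dst_port = DNAT[(dst_ip, dst_port)]
    dst_zone = ZONE_OF.get(dst_ip, "WAN")
    for p in policies:
        if (p.src_zone == "WAN" and p.dst_zone == dst_zone
                and p.dst_ip in (None, dst_ip) and p.dst_port in (None, dst_port)):
            return p.action, p.name
    return default_action, "default rule" + (" (DNAT packet)" if dnat else "")


# The rule that fixed the thread: allow HTTPS from WAN to the web server on LAN1.
wan_to_lan1 = Policy("WAN_to_LAN1_HTTPS", "WAN", "LAN1", WEB_SERVER, 443, "ALLOW")

if __name__ == "__main__":
    print(evaluate(PUBLIC_WEB, 443, []))             # NAT only: default rule drops
    print(evaluate(PUBLIC_WEB, 443, [wan_to_lan1]))  # with the WAN to LAN1 policy
    print(evaluate(FIREWALL, 8443, [wan_to_lan1]))   # management port stays closed
    print(evaluate(FIREWALL, 8443, [], "ALLOW"))     # default allow exposes it
```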
