SSL WEB Application

Raf Posts: 2
edited April 14 in Security
I have an USG40 behind a natted router on my WAN with IP
I have moved https from port 443 to 44443 to have less "noise" on log file :)
I have a Tomcat  server on my LAN1 side
I have configured SSL Application with these parameters:
Server Type "Web Server"
Name: "MYTomcatApp"
Entry Point:  "/csa/"
I have also tried to omit the optional entry point BUT when I connect with SSL VPN user, and I start the "MYTomcatApp" I obtain this result: (from ANY browser)

Bad Gateway

The proxy server received an invalid response from an upstream server.

Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.

In the log file I see only this:

7    2019-04-26 11:18:13  info    SSL VPN        web application MYTomcatApp has been accessed. sent=958 rcvd=141 [count=4]
8    2019-04-26 11:17:54    info    SSL VPN        User user1 has accessed web application MYTomcatApp [count=2]

What I miss to configure?
I tried also with others web servers in my LAN but with same results.
Thank you in advance

Accepted Solution


All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 931  Zyxel Employee
    edited April 2019
    Hi @Raf
    Your configuration should be correct. 
    For resolving this issue I will send you private message to get more detail information.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 931  Zyxel Employee

    Hi @Raf

    The revers proxy mode is coding by Java. Since Java have some of security concern.

    So many browser may not support any more.

    We would like to suggest you use full tunnel mode(SecuExtender) for this scenario.

  • Raf
    Raf Posts: 2
    Yes, I do .
  • Hi,

    we are currently facing the same problem but we can't solve it, can you please tell us the procedure?

    Thank you 

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 469  Zyxel Employee



    As @Zyxel_Stanley previous mentioned

    We would like to suggest you use full tunnel mode(SecuExtender) for this scenario.

    By using SecuExtender, you can build up tunnel to the device, then you can login to your server.

    Here is the step to setup SSL VPN on USG with SecuExtender to login.

    Go to Configuration > VPN > SSL VPN > Access Privilege > Add SSL VPN rule

    Add user for SSL VPN 

    Add IP range for SSL VPN

    Select User/Group 

    Enable Full Tunnel Mode for SSLVPN tunnel

    Assign IP Pool for SSL VPN rule

    Select the Network to allow user to access.

    Test result

  • SyoSilIT
    SyoSilIT Posts: 3
    edited August 2020
    thanks, I already got SecuExtender to work 100% but I thought the idea for SSL applications was that you could add a user in the router to access in internal website without the SecuExtender. E.g. For instance, allow a client to access a bug tracking system internal to your network...?

    Thaks, JSA
  • Zyxel_Emily
    Zyxel_Emily Posts: 789  Zyxel Employee
    If you're using SecuExtender (full tunnel mode) to establish SSL VPN to USG/ZyWALL, you don't need to configure SSL application.
  • SyoSilIT
    SyoSilIT Posts: 3
    edited February 12
    Agree but maybe I am on a computer where I cannot run the full SSL VPN application then this feature would be very handy. In the scenario that I am in then I cannot run the SSL VPN in full tunnel mode or do SSH or anything. This feature would solve my problems but it seems like it has been left behind for years and it is not updated to meet the standards of current browsers. Why not just remove it?
  • Zyxel_Vic
    Zyxel_Vic Posts: 222  Zyxel Employee
    Hi @SyoSilIT
    Thanks for your suggestion and yes we're considering the same idea since it is deprecated now days. 

Security Highlight