USG40: disable the web authentification on the WAN side, but keep it internally (LAN)

2»

Comments

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    If your wanting to do SSL VPN you will be allowing WAN to ZyWall on port 443 is this what your doing? 

  • ictforever
    ictforever Posts: 15  Freshman Member
    First Comment Friend Collector
    I have a IPSEC VPN configured from Office to Branch. I don't know which port that is to be honest.
    What I do know, something in the policy rule WAN to Zywall is disabling my vpn connection when I disable it.
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    So you need a rule for WAN to Zywall with service ports for the IPSEC VPN so you don't allow all service ports.

    You could do it as:

    first rule WAN to Zywall deny to service HTTPS

    second rule WAN to Zywall allow all

  • ictforever
    ictforever Posts: 15  Freshman Member
    First Comment Friend Collector
    That did the trick. What also worked is to remove the https from the default group.

    Thanks @PeterUK

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)