SSL VPN Not Working Post ATP200/800 Firmware Upgrade

13»

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Hi @NEP

    It is the same symptom on eITS#220701020, on v.5.30 firmware you can establish an SSL VPN connection via the device Web-GUI port and SSL VPN server port as well. Once you update to v.5.32 firmware, only can use the SSL VPN server port to establish SSL VPN, such as the below specific port 9998.


    The default port is still 443 in v.5.32 firmware.


    Thanks.
  • NEP
    NEP Posts: 61  Ally Member
    First Anniversary 10 Comments Friend Collector
    @Zyxel_Jeff Thanks for the explanation. Don't recall seeing a clear indication of this in the Release Notes. Seems like quite a breaking change. Then again, I suppose this is more related to an incorrect configuration in the original setup. You guys can't be expected to know all the configurations in-use. Is it safe to assume that you recommend using different ports for HTTPS and SSL VPN access? Thanks!
  • NEP
    NEP Posts: 61  Ally Member
    First Anniversary 10 Comments Friend Collector
    @Zyxel_Jeff Or is that what "[Bug Fix] eITS#220500690 a. Fix: SSLVPN service port keeps using the original port after manually customized it" indicates?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    NEP said:
    @Zyxel_Jeff Or is that what "[Bug Fix] eITS#220500690 a. Fix: SSLVPN service port keeps using the original port after manually customized it" indicates?
    Yes, you are correct. We fixed it on V.5.31 firmware, the purpose is to differentiate SSL VPN and HPPTs web-GUI port. Besides, we encourage our customers to differentiate those two ports for better security protection. Please refer to this guide - Best Practices to Secure a Distributed Network Infrastructure.


    Thanks B) .

  • NEP
    NEP Posts: 61  Ally Member
    First Anniversary 10 Comments Friend Collector
    @Zyxel_Stanley Thanks for the "Best Practices" link. We had Trusted IPs and Geolocation set up and I separated the HTTPS and SSL VPN ports yesterday. I'll peruse that page when I get a chance. Please consider this matter closed. Thank you!
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    NEP OK, you are welcome :3 !

Security Highlight