
Controlling Remote SSL Clients

Hi,


I am having an issue controlling remote SSL VPN clients with VNC or RDP. Users connect to our XG firewall (Version 17.5.8 MR 8) just fine and can access all services on the local LAN from home. I want to be able to VNC or RDP into their PCs from the local LAN, but there seems to be a block between the local LAN going back to the SSL VPN client network. I have tried every kind of firewall rule to connect these two networks. I used to use the Sophos IPSec VPN clients on V9 and this process worked just fine. Since upgrading to XG and SSL VPN clients it does not work. Does anyone know if this is blocked by design or if I am doing something wrong? Any help would be appreciated. Thanks.


Jae

Local LAN 192.168.1.x
SSL VPN 10.10.10.x



  • Keyur,

    I tried your solution, enabling "Use as default gateway", and the connected clients could not see any network resources either by name or IP address. Does anyone else have a solution for this issue? I know there is a setting missing here, and I don't need a full tunnel for this to work, as it worked on UTM 9 with an IPSec client with no problems. Thanks.

  • Hi,

    Define the host (IP subnet, because the IP range does not work), e.g. "sslVPN-IP IP subnet 10.10.10.0/255.255.255.0 IPv4". Add this subnet in the SSL VPN remote access definition as Permitted network resources (IPv4). Define the firewall network rule for VPN:
    Source zone: LAN + VPN any any   Destination zone: VPN + LAN any any
    Do not select NAT & routing.
    It should work as you wanted.

    Regards
    Jan

  • Jan,

    You are brilliant!! Thank you so much for this fix. This works perfectly, and I still have a split tunnel SSL VPN and I can control and help all my remote users safely and securely. You are the best!

    Jae

  • Keyur,

    I would read the solution to this thread so you can inform users properly in the future. I knew this was possible without a full tunnel (which didn't work, by the way); I just needed the right settings.

    Jae

  • Hi  

    Thank you for updating the thread with the solution.

    Thank you for sharing your expertise, much appreciated.

    I have tested the "Use Default Gateway" option in my local lab and was able to achieve your requirements, and suggested accordingly.

    Glad to know that the issue got resolved and community members are helping each other.

  • Thanks Keyur, I appreciate your help.

    Jae