
Controlling Remote SSL Clients

Hi,


I am having an issue controlling remote SSL VPN clients with VNC or RDP. Users connect to our XG firewall (Version 17.5.8 MR 8) just fine and can access all services on the local LAN from home. I want to be able to VNC or RDP into their PCs from the local LAN, but there seems to be a block between the local LAN going back to the SSL VPN client network. I have tried every kind of firewall rule to connect these two networks. I used to use the Sophos IPSec VPN clients on V9 and this process worked just fine. Since upgrading to XG and SSL VPN clients it does not work. Does anyone know if this is blocked by design or if I am doing something wrong? Any help would be appreciated. Thanks.


Jae

Local LAN 192.168.1.x
SSL VPN 10.10.10.x



  • Keyur,

    I tried your solution (enable "Use as default gateway") and the connected clients could not see any network resources, either by name or IP address. Does anyone else have a solution for this issue? I know there is a setting missing here, and I don't need a full tunnel for this to work, as it worked on UTM 9 with an IPSec client with no problems. Thanks.

  • Hi,

    Define the host (as an IP subnet, because the IP range does not work), e.g. "sslVPN-IP IP subnet 10.10.10.0/255.255.255.0 IPv4". Add this subnet to the SSL VPN remote access definition as Permitted network resources (IPv4). Define the firewall network rule for VPN:
    Source zone: LAN + VPN any any   Destination zone: VPN + LAN any any
    Do not select NAT & routing.
    It should work as you wanted.

    Regards
    Jan

  • Jan,

    You are brilliant!!  Thank you so much for this fix.  This works perfectly and I still have a split tunnel SSL VPN and I can control and help all my remote users safely and securely.  You are the best!

    Jae