Hello all,
I realize that others have asked about this topic and I have read through all posts I could find; however, I am still unable to resolve the issue.
I have an Astaro 9.105-9 at an Amazon cloud with an elastic IP address.
I have two DNAT rules pointing both HTTP and HTTPS to an app server behind the firewall.
On HTTP one can access the website. Using HTTPS you cannot access it.
It is important to note that everything worked fine previously until the firewall crashed (and we did not have a backup/had to build this from scratch). This means that there is no problem with the app server (though we did check it again to be sure).
Because this is on Amazon, the public (Elastic) IPs are additional interfaces on public (though it does not need that to work). The public interface comes up as Ethernet DHCP and this cannot be changed.
I have tried many different things:
1) I made sure SSL VPN site-to-site are switched off
2) User portal is switched off
3) I created an additional packet filter rule for HTTPS in different ways to allow explicit access
4) I tried to add a few masquerading rules (internal to public + internal to public additional IPs) and I tried to swap the order of these rules.
Internal (Network)→Public
Internal (Network)→Public/ElasticIP
5) Intrusion prevention is turned off.
6) Packet filter rule does not show any default drop that relates to me trying to access the HTTPS website
7) HTTP Proxy is turned off
8) Application control is turned off
9) Webserver firewall is turned off
10) I created additional Natting rules where
Traffic selector: Any→HTTPS→Amazon Public IPs
Traffic selector: Any→HTTPS→Public (Address)
And I tried to swap the order of these rules.
Please help if you have any thoughts.
Thank you so much!