Access to the Web site is blocked by your administrator

SOLVED
Occasional Contributor

Hi, 

 

I have this problem:

I would like to permit my VPN users to access an external IP via the VPN network.

 

For example:

My VPN Network is: 10.10.10.0/23

My External IP is: 192.192.192.x

 

The external IP is on AWS and has restricted inbound IPs (only the public IP of the SSLVPN).

 

Now I created a user role and set a Web link on port 8080.

I created and associated WSAM allowed servers.

 

But when I connect to the SSLVPN and click on the link, I receive this error:

Access to the Web site is blocked by your administrator. Please notify your system administrator. Made http request for GET / HTTP/1.1 to 192.192.192.x:8080

 

Thanks for the support

Marco

6 REPLIES
Moderator

Re: Access to the Web site is blocked by your administrator

Hi Marco,

You have to create a selective rewrite policy to do the action (Don't Rewrite. Redirect to the target web server) for 192.192.192.x:8080 resource.

Selective Rewrite Policy: Users -- Resource Policies -- Web -- Rewriting -- Selective rewrite policy -- http://192.192.192.x:8080 or https://192.192.192.x:8080 --- Don't Rewrite. Redirect to the target web server.

If you have created the bookmark using a Web resource profile, then browse to the profile and click on "Show all autopolicy" -- Check the Autopolicy: Rewriting --- Select "No Rewriting (use WSAM)" -- Save changes. Doing this will automatically create a selective rewriting policy just like the above step.

Hope this helps.

Ray.
Occasional Contributor

Re: Access to the Web site is blocked by your administrator

Hi Ray,

thanks for your reply.

 

But if I select Don't Rewrite (with redirect), the IP isn't that of the SSLVPN and the page is not visible.

 

Thanks

Marco

New Contributor

Re: Access to the Web site is blocked by your administrator

Hi Marco,

 

Are you also using the external interface or just the internal interface?

The WSAM connections use the internal interface as the source interface. You have to be sure that the internal interface can reach the AWS resource, and you also have to be sure that the IP address of the internal interface (or the NAT used) is allowed by the AWS resource.

 

 

Moderator

Re: Access to the Web site is blocked by your administrator

Hi Marco,

 

You're right, selecting Don't Rewrite (with redirect) will redirect the users to go to the webpage directly, which then should be tunneled by the WSAM proxy, and the VPN server should be able to send the traffic out using its internal port.

 

Is the redirected traffic not being captured by WSAM?

 

NOTE: If you're using Windows 10 RS5 (1809 update), please use PSAM (Enable Pulse Secure Client option on the user role + WSAM >> Connect directly from Pulse Client / Logon through web browser to get the Pulse Client installed) and check the behavior.

 

If you're not planning on using WSAM to capture the 192.192.192.x:8080 traffic, which I thought you did, then to fix the "Access blocked" issue, please allow 192.192.192.x:8080 by adding an allow Web ACL (Users >> Resource policies >> Web >> Web ACL >> Under resources, enter http:// or https://<IP address>:<port> and save changes).

 

Thanks,
Ray.

 

 

Occasional Contributor

Re: Access to the Web site is blocked by your administrator

Sorry I don't understand this:

 

You're right, selecting Don't Rewrite (with redirect) will redirect the users to go to the webpage directly, which then should be tunneled by the WSAM proxy, and the VPN server should be able to send the traffic out using its internal port.

 

With Don't Rewrite (with Redirect) the IP is the local IP of the PC and not the SSLVPN IP, correct?

 

I created a Web Access Policy and added the AWS IP; now (without Don't Rewrite) I can see the portal via the SSLVPN IP, but I have a view problem in that all components aren't loaded correctly.

Moderator

Re: Access to the Web site is blocked by your administrator

@m.ferrara: It depends. If you do not have WSAM active and configured to capture the traffic, yes, the local IP will be seen; if, however, WSAM is active and configured to capture the traffic, the local IP will not be seen. This is because WSAM is proxying the traffic through the PCS to the backend service.

Yes, sometimes web applications do not rewrite (viewed through web browser) properly. If that is the way you are looking to deploy, please open a case with our support team for further assistance.