Basic SSL VPN Information for Newbie

good2go_ · ‎09-04-2014

Hi, thanks in advance for your help.

Generic scenario:

I want to connect outside my network using an SSL VPN client and it uses Port 443. I open the connection on my firewall to allow 443 out.

I have a software application that allows me to view other VMs and that software uses port 4700. I want to view the VMs outside my network and on the network I VPN into. Do I also need to allow port 4700 on my firewall?

The VPN creates the secure tunnel using 443. the traffic going through the tunnel on port 4700, how is that seen by the host firewall and/or border firewall for that matter? Isn't it hidden in the tunnel?

again, thanks in advance for bearing with this newbie...

Kita_ · ‎09-05-2014

If the firewall is in front of the SA/MAG device, you will want to open tcp port 443 (ssl) and udp port 4500 (esp). Any traffic going through the tunnel will not need to be opened on the firewall since this data is encapsulated via ssl or esp.

spuluka · ‎09-06-2014

You might find this overview of deployment options helpful.

SSL deploy options:

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB10162

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

zanyterp_ · ‎09-07-2014

As kita & spuluka said, inbound from internet to the appliance is 443/4500; internally, any firewalls need to allow access to/from the VPN tunneling ip range as that is the observed address

Basic SSL VPN Information for Newbie

Basic SSL VPN Information for Newbie

Re: Basic SSL VPN Information for Newbie

Re: Basic SSL VPN Information for Newbie

Re: Basic SSL VPN Information for Newbie