Hi, thanks in advance for your help.
Generic scenario:
I want to connect outside my network using an SSL VPN client and it uses Port 443. I open the connection on my firewall to allow 443 out.
I have a software application that allows me to view other VMs and that software uses port 4700. I want to view the VMs outside my network and on the network I VPN into. Do I also need to allow port 4700 on my firewall?
The VPN creates the secure tunnel using 443. How is the traffic going through the tunnel on port 4700 seen by the host firewall and/or border firewall, for that matter? Isn't it hidden in the tunnel?
Again, thanks in advance for bearing with this newbie...
If the firewall is in front of the SA/MAG device, you will want to open TCP port 443 (SSL) and UDP port 4500 (ESP). Traffic going through the tunnel will not need to be opened on the firewall, since this data is encapsulated via SSL or ESP.
You might find this overview of deployment options helpful.
SSL deploy options:
http://kb.pulsesecure.net/InfoCenter/index?page=conten
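
The answer above can be seen in a small model of a border firewall that matches only the outer packet header. This is an added example, not part of the original thread or any vendor tooling; the addresses, the default-deny egress policy, and restricting the rules to the gateway's IP are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation/private ranges), not from the thread.
VPN_GATEWAY = "203.0.113.10"   # public address of the SA/MAG device (assumed)
REMOTE_VM = "10.20.0.5"        # VM viewer target on the remote network (assumed)


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp" or "udp"
    dst_ip: str
    dst_port: int
    payload: Optional["Packet"] = None  # encrypted inner packet, opaque on the wire


# Egress rules from the answer: TCP 443 (SSL) and UDP 4500 (ESP).
# Everything else is dropped (default deny is an assumption).
EGRESS_ALLOW = {("tcp", VPN_GATEWAY, 443), ("udp", VPN_GATEWAY, 4500)}


def encapsulate(inner: Packet, proto: str, port: int) -> Packet:
    """VPN client wraps the application packet; the new outer header targets the gateway."""
    return Packet(proto, VPN_GATEWAY, port, payload=inner)


def border_firewall_allows(pkt: Packet) -> bool:
    """The firewall matches the outer header only; the payload is ciphertext to it."""
    return (pkt.proto, pkt.dst_ip, pkt.dst_port) in EGRESS_ALLOW


def evaluate() -> dict:
    app = Packet("tcp", REMOTE_VM, 4700)  # VM viewer traffic on port 4700
    return {
        # Sent without the VPN: outer header is tcp/4700, no rule matches.
        "direct_4700": border_firewall_allows(app),
        # Sent through the tunnel: outer header is the tunnel's, 4700 is never seen.
        "tunnel_ssl_443": border_firewall_allows(encapsulate(app, "tcp", 443)),
        "tunnel_esp_udp_4500": border_firewall_allows(encapsulate(app, "udp", 4500)),
    }


if __name__ == "__main__":
    for path, allowed in evaluate().items():
        print(f"{path}: {'allowed' if allowed else 'dropped'}")
```
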