cancel
Showing results for 
Search instead for 
Did you mean: 

Network Connect,Webebbokmark Question

SOLVED
Telnet-1_
Occasional Contributor

Network Connect,Webebbokmark Question

I can use many methods to access resources throgh SSL-VPN , i have a question :

when using Network connect , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the NC Ip pool ?

when using Web bookmark , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the connecting machine ip ?

I'm asking beacause i have a firewall with 3 zones & i want to know which ips to allow on the policies :

WAN zone: ussers connect from it

SA zone : SSL-VPN connected to it

trust zone : Backend resources connecte to it

1 ACCEPTED SOLUTION

Accepted Solutions
zanyterp_
Respected Contributor

Re: Network Connect,Webebbokmark Question

Q: when using Network connect , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the NC Ip pool ?

A: Specific IP of the user from the NC IP pool

Q: when using Web bookmark , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the connecting machine ip ?

A: SSL VPN internal port is the default (it is not possible for users to source from the external port). If you have configured VLANs/virtual ports and have enabled these on a role (Users>User Roles>roleName>General, Options) and defined a port other than the internal port (Users>User Roles>roleName>General>Virtual Port/VLAN), then that will be the source IP.

View solution in original post

3 REPLIES 3
zanyterp_
Respected Contributor

Re: Network Connect,Webebbokmark Question

Q: when using Network connect , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the NC Ip pool ?

A: Specific IP of the user from the NC IP pool

Q: when using Web bookmark , the requset originated from the SSL VPN to the backend resource will reach the backend with source ip = SSL-VPN ip or the connecting machine ip ?

A: SSL VPN internal port is the default (it is not possible for users to source from the external port). If you have configured VLANs/virtual ports and have enabled these on a role (Users>User Roles>roleName>General, Options) and defined a port other than the internal port (Users>User Roles>roleName>General>Virtual Port/VLAN), then that will be the source IP.

View solution in original post

Telnet-1_
Occasional Contributor

Re: Network Connect,Webebbokmark Question

Thanks , and when using WSAM or JSAM , the situation will be like Q1 or Q2 ?

zanyterp_
Respected Contributor

Re: Network Connect,Webebbokmark Question

Q2. The only traffic that does not originate using the IVE internal port is Network Connect; all other traffic (web, files, RDP, SAM, etc) uses the internal port IP as the source address.