Hi,
I have an SSL VPN set up to the WAN IP address of my XG device, and WAF is also on that same WAN IP.
My WAF paths look like this:
/app1 -> server1 - only allowed from LAN network
/app2 -> server2 - only allowed from LAN network
/app3 -> server3 - allowed from internet
/OWA -> exchange server - allowed from internet
I want to allow access to /app1 and /app2 when the user is connected via VPN. This isn't working though, because I can't route the WAN IP through the VPN, or else the VPN wouldn't work.
I also tried doing split DNS for the FQDN of the external hostname and then publishing WAF on an internal IP, but the SSL VPN connected devices don't resolve it.
I can add authentication to /app1 and /app2, but for the best user experience I would want to exclude authentication for LAN network and only require it when accessing from WAN, but there is no mechanism to exclude authentication either.
I could purchase another WAN IP, but that is additional work and ongoing cost.
Can anyone make any suggestions?
Thanks
James