Help! Firewall is "reachable" from Internet, but not able to connect to VPN or internal servers

I am currently off site with no physical access to my firewall.

Firewall is reachable from outside, e.g. WAF port 443 gives answer to telnet, and in browser any configured site is reported as "503 Service unavailable".

Also, the SSL-VPN port is listening on both external interfaces (cable modem and LTE modem).

However I cannot create a VPN connection. It is stuck with "Sending PUSH_REQUEST to server" and eventually times out.

SMTP port 25 is working and accepting connections.

What are my options, as the user portal and admin portal are not reachable from the internet without VPN?

I am on version 19.5MR3 and of course I haven't changed anything in the config.



  • It turned out that the problem was the RADIUS server, which was not running.

    I configured the Remote access (SSL-VPN) to first use the RADIUS server (on top) and then local users (below) to authenticate.

    I could not log on to SSL-VPN, not even with local users! How can this be?

  • Can you show us the service port?
    And why do you now use Central as an emergency option just in case?

  • What service port do you mean? Authentication - Services:

    "Master" is the external RADIUS Server. My expectation would be that if that is not available, at least local users are able to log on. But that ends also in a timeout.

    I guess that is due to the RADIUS timeout I configured - it's pretty long with 60 seconds, to have some time to confirm with Duo Auth Proxy.

    Possibly I just need to reorder the 2 auth sources and streamline the local user list.

    I will have a look at Central.
