VNC Access through Global protect


L4 Transporter

Hi all,

We have an internal server that must be accessed through VNC and HTTP.

Internally it works well, but when we try to connect from outside through GlobalProtect it is blocked.

Access policies from GP to Internal are allowed, but it is not working.

11 REPLIES

Cyber Elite

@Radmin_85,

Can you post the actual security policy that you have to allow the traffic, along with verifying that your Gateway settings under Agent > Client Settings include an access route if you are utilizing split tunnel?

I'd also recommend looking at the traffic logs and seeing what they tell you, as it will give you a better insight into where the problem actually is. Do you see the traffic from your GlobalProtect client hitting the firewall? Can you see traffic from the server attempting to hit your GlobalProtect clients? It might be worth taking a packet capture directly on the server as well. 

Thanks, I will check.

What I have learned is:

The outside users can connect to any other server inside with GP. But there is one specific server inside, which is a Siemens SIMATIC server, to which users cannot connect from outside with HTTP.

They wanted to use VNC as an alternative, but no way. These are the logs. The security rule is allowing any any from GP zone to Trust zone. Everything works fine except this server with the Siemens web server.

Maybe someone has met such a case. Is there any specification about it? Can it be because of the HTML version or something else?

[Screenshots: Screenshot_4.png, Screenshot_5.png]

You stated any, any; does that include application and service...

 

it may be best if you post the actual security policy as @BPry suggested.

 


 

Please see the information provided below:

DELL Precision T1650 RACKMOUNT
Intel Xeon E3-1240 v2 (3.40GHz, 8MB, QC)
1 GB NVIDIA Quadro 600
1x500GB 3.5inch Serial ATA (7.200 Rpm) Hard Drive
8GB (2x4GB) 1600MHz DDR3 Non-ECC
Windows 7 SP1 Ultimate (English) 64 Bit

USB
TR Q professional keyboard, Optical USB Mouse

A graphics card with 1x DP output that supports HD 1920 x 1080 @60 Hz must be installed (DELL)
Web Server: IIS VERSION 7.

 

 

 


Hi @Radmin_85

 

In such cases it may help if you check the column "Bytes received" in your logs. If there is a 0, the problem could also be a local firewall or access list on the server.

And what filter did you use on the screenshot? Did you filter on the source and destination IP or the rule name or something completely different?
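
The "Bytes received" check suggested above, applied to every session toward one server, as an added example that is not part of the original thread: it reads a traffic-log CSV export and separates sessions with no return traffic from sessions where the server answered but the application stayed `incomplete`. The column names, the client address 10.10.50.21, the second server 172.17.79.10, port 5900 for VNC and all byte counts are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Column names are assumed; match them to your export.
# 172.17.79.2 is the server from the thread; the other values are made up.
# Port 5900 is assumed for VNC (its usual default).
SAMPLE_CSV = """\
Source address,Destination address,Destination Port,Application,Bytes Sent,Bytes Received
10.10.50.21,172.17.79.2,80,incomplete,198,0
10.10.50.21,172.17.79.2,5900,incomplete,132,0
10.10.50.21,172.17.79.2,80,incomplete,206,60
10.10.50.21,172.17.79.10,80,web-browsing,1840,25311
"""

HINTS = {
    "no-reply": "nothing came back: check the server's local firewall or "
                "access list and its route back to the GlobalProtect clients",
    "incomplete-with-reply": "server answered but no application data was "
                             "seen: take a packet capture on the server",
    "ok": "application identified and data returned",
}

def classify(row):
    """Map one traffic-log row to a verdict key in HINTS."""
    if int(row["Bytes Received"]) == 0:
        return "no-reply"
    if row["Application"] == "incomplete":
        return "incomplete-with-reply"
    return "ok"

def triage(csv_text):
    """Count verdicts per (destination address, destination port)."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Destination address"], int(row["Destination Port"]))
        counts[key][classify(row)] += 1
    return {key: dict(verdicts) for key, verdicts in counts.items()}

if __name__ == "__main__":
    for (dst, port), verdicts in sorted(triage(SAMPLE_CSV).items()):
        for verdict, count in verdicts.items():
            print(f"{dst}:{port} {verdict} x{count} -> {HINTS[verdict]}")
```
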

[Screenshots: Screenshot_2.png, Screenshot_3.png]

First is the logs. And as you see, the server 172.17.79.2 gets incomplete and some bytes are received,

and the second is the actual security rule.

We also cannot access this server via HTTP.

Actually, in this screenshot there is only the "bytes" column, but not "Bytes received".

[Screenshot: Screenshot_5.png]

As you see, there are no received bytes.

Hi @Radmin_85

 

  • Is the firewall with GP Gateway the only firewall in between? If yes, is this subnet of that server directly connected to this firewall?
  • From where in the internal network is it working? From the same subnet or also from other subnets?
  • Did you check the local firewall on that server?