02-20-2018 03:52 AM
Hi all
We have an internal server that must be accessed through VNC and HTTP.
Internally it works well, but when we try to connect from outside through Global Protect it is blocked.
Access policies from GP to Internal are allowed, but it is not working.
02-20-2018 06:10 AM
Can you post the actual security policy that you have to allow the traffic, along with verifying that your Gateway settings under Agent > Client Settings include an access route if you are utilizing split tunnel.
I'd also recommend looking at the traffic logs and seeing what they tell you, as it will give you a better insight into where the problem actually is. Do you see the traffic from your GlobalProtect client hitting the firewall? Can you see traffic from the server attempting to hit your GlobalProtect clients? It might be worth taking a packet capture directly on the server as well.
02-21-2018 01:05 AM
What I have learned is:
The outside users can connect to any other server inside with GP. But there is one specific server inside, which is a Siemens Simatic server, to which users cannot connect from outside with HTTP.
They wanted to use VNC as an alternative, but no way. Those are the logs. The security rule is allowing any any from the GP zone to the Trust zone. Everything works fine except this server with the Siemens web server.
Maybe someone has met such a case. Is there any specification about it? Can it be because of the HTML version or something else?
02-21-2018 06:45 AM
You stated any, any; does that include application and service...
It may be best if you post the actual security policy, as @BPry suggested.
02-22-2018 07:16 AM - edited 02-22-2018 07:18 AM
Please see the information provided below:
DELL Precision T1650 RACKMOUNT
Intel Xeon E3-1240 v2 (3.40GHz, 8MB, QC)
1 GB NVIDIA Quadro 600
1x500GB 3.5inch Serial ATA (7.200 Rpm) Hard Drive
8GB (2x4GB) 1600MHz DDR3 Non-ECC
Windows 7 SP1 Ultimate (English) 64 Bit
USB TR Q professional keyboard, Optical USB Mouse
A graphics card with 1x DP output that supports HD 1920 x 1080 @ 60 Hz must be installed. DELL
Web Server IIS VERSION 7.
02-22-2018 08:31 AM - edited 02-22-2018 08:33 AM
Hi @Radmin_85
In such cases it may help if you check the column "Bytes received" in your logs. If there is a 0, the problem could also be a local firewall or access list on the server.
And what filter did you use on the screenshot? Did you filter on the source and destination IP or the rulename or something completely different?
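The "Bytes received" check from the reply above, as an added example that is not part of the original thread: it separates allowed sessions where the firewall forwarded the client's packets but saw no return traffic (pointing at a local firewall or access list on the server) from sessions where a reply was seen but the application stayed `incomplete`. The CSV column names and every row are constructed for illustration; only the address 172.17.79.2 comes from the thread.

```python
import csv
import io

# Constructed sample rows; the column names are assumed, not a verified export format.
SAMPLE_CSV = """src,dst,dport,app,action,bytes_sent,bytes_received
10.10.10.5,172.17.79.2,80,incomplete,allow,198,0
10.10.10.5,172.17.79.2,5900,incomplete,allow,132,0
10.10.10.5,172.17.79.10,80,web-browsing,allow,1450,9321
10.10.10.6,172.17.79.12,80,incomplete,allow,264,120
10.10.10.7,172.17.79.11,445,not-applicable,deny,0,0
"""

def classify(row):
    """Return a triage label for one traffic-log row."""
    sent = int(row["bytes_sent"])
    received = int(row["bytes_received"])
    if row["action"] != "allow":
        return "blocked-by-policy"
    if sent > 0 and received == 0:
        # The firewall forwarded the client's packets but saw nothing come back.
        return "no-reply-from-server"
    if row["app"] == "incomplete":
        # A reply was seen, but the session ended before the app was identified.
        return "reply-seen-no-app-data"
    return "ok"

def triage(csv_text):
    """Group destinations by label: {label: sorted list of (dst, dport)}."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        result.setdefault(classify(row), set()).add((row["dst"], int(row["dport"])))
    return {label: sorted(pairs) for label, pairs in result.items()}

def silent_servers(csv_text):
    """Destinations that never sent a byte back on any allowed session."""
    replied, silent = set(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] != "allow":
            continue
        (replied if int(row["bytes_received"]) > 0 else silent).add(row["dst"])
    return sorted(silent - replied)

if __name__ == "__main__":
    for label, pairs in triage(SAMPLE_CSV).items():
        print(label, pairs)
    print("silent servers:", silent_servers(SAMPLE_CSV))
```

A server that shows up in `silent_servers` while its neighbours in the same zone answer normally is the one to inspect locally, for example with the packet capture on the server suggested earlier in the thread.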
02-22-2018 10:20 PM
First is the logs. And as you see, the server 172.17.79.2 gets incomplete and some bytes are received,
and the second is the actual security rule.
02-22-2018 10:22 PM
We also cannot access this server via HTTP.
02-22-2018 11:12 PM
Actually, in this screenshot there is only the "bytes" column, but not "Bytes received".
02-23-2018 02:11 AM
As you see, there are no received bytes.
02-23-2018 07:55 AM - edited 02-23-2018 07:57 AM
Hi @Radmin_85