Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

Access to Web-GUI (on MGMT-Port) via IPSec-Tunnel from external network

L0 Member

Hey everyone,

 

I have the following active-passive-HA-scenario:

 

ethernet1/1: External Interface (vpn termination point)

ethernet1/2: Internal Interface

MGMT: Management-Interface

HA1: HA

HA2: HA

 

For administrative and monitoring purposes I need access from an external network to the WEB-GUI of both firewall-systems. Because of active-passive-HA, just one firewall is available at the same time. So I thought: Is it possible to establish a IPSec-Tunnel between two firewall to get access to the WEB-GUI:

 

The ipsec tunnel works fine and I can see hits on the security policy which should allow the traffic from external network to the Management-Interface of the palo alto firewall. But the access via https does not work. 😞

 

My questions:

- Is it possible to get access from external network via ipsec-tunnel to the Management-Interface of a Palo Alto Firewall?

- Are there other ways to get access from external network via ipsec-tunnel to the WEB-GUI of both firewall-systems?

 

 

Thanks in advance

Who rated this post