EFW Support

Support => General Support => Topic started by: qwaven on Saturday 27 August 2011, 02:09:20 am



Title: Disable Firewall and/or Remote Management
Post by: qwaven on Saturday 27 August 2011, 02:09:20 am
Hello,

I have Endian firewall setup behind my primary firewall. Something like this: [internet] -- [primary fw] -- [Endian] -- [network]

I'm trying to allow VPN access on the primary firewall. This works!

However I am not able to get to my network. I am hoping to disable the firewall on Endian temporarily to see if this is the problem, however I cannot seem to find the option. Only to turn off outgoing firewall connections. Is this possible?

Also is it possible to allow managing the firewall from the WAN (RED) network? This would also help me further troubleshoot.

Thanks for your help!


Title: Re: Disable Firewall and/or Remote Management
Post by: qwaven on Sunday 28 August 2011, 05:36:05 am
Anyone able to help?

I've tested the following:

Connected a laptop in place of Endian firewall. --I was able to ping/remote to it via VPN. Confirming VPN is working.

On Endian firewall I have disabled:
-Outgoing firewall
-IDS
-Inter-zone filtering

-Added rules:

Uplink main RED ICMP/8 ICMP/30 allow
Uplink main RED any allow


I still am unable to access any internal resources. Hoping someone will be able to help find the issue.

Thanks!
 


UPDATE: Figured out management access. Was able to access management page via VPN. Confirmed once again VPN is functional. Network access must be prevented by some sort of firewall rule? Thoughts welcome! I'm stumped!! Help!

Also note I put firewall back to original state. Items disabled (noted above) have been removed. Waiting for advice from someone. They didn't seem to help anyway.


Title: Re: Disable Firewall and/or Remote Management
Post by: qwaven on Tuesday 30 August 2011, 01:37:14 am
No one? Just looking for a way to allow traffic in..... I'm sure the VPN would work once traffic is permitted. I'd hate to have to switch firewalls over this...

Thanks


Title: Re: Disable Firewall and/or Remote Management
Post by: speccompsol on Wednesday 31 August 2011, 05:11:28 am
Where are the systems that you are trying to reach from the internet?  Between the 2 firewalls or on the internal network behind both firewalls?  If they are on the internal network, you will need to 'port forward' the appropriate ports from the outside firewall to the inside firewall and then again from the inside firewall to the internal system.


Title: Re: Disable Firewall and/or Remote Management
Post by: qwaven on Wednesday 31 August 2011, 05:20:36 am
Hi,

Thanks for your response. :)

I was hoping to avoid using NAT entirely.

Network is something like below:

(vpn user) --> (firewall a) --> (Endian firewall) --> (green network)

On the Green network there are some servers which I need to be able to RDP to once connected to the VPN.

The VPN network is assigned an internal IP, and the internal interface of firewall a, external interface of Endian, and internal (green) interface of Endian have internal IPs.

During testing I was able to RDP just fine to a desktop when replacing the Endian firewall with it. (temporarily)

Thanks for your help!



Title: Re: Disable Firewall and/or Remote Management
Post by: speccompsol on Wednesday 31 August 2011, 05:59:00 am
If I read it correctly, you have the internal interface of 'A' and both internal and external interfaces of the 'endian' box all assigned with ip's on the same subnet (your internal lan)?  This is probably not the best scenario.  What do you want to accomplish in the end?  What do you want firewall 'a' to do and what do you want the endian box to do?


Title: Re: Disable Firewall and/or Remote Management
Post by: qwaven on Wednesday 31 August 2011, 06:23:23 am
Sorry let me illustrate my network better.

Devices:

Firewall A --Hardware appliance
Firewall B --Endian Firewall

IP Blocks /location:

VPN users: 10.10.0.0/24 VPN Network located on Firewall A
WAN: Public IP located on Firewall A
LAN1: 192.168.254.0/30 Firewall A internal interface to Firewall B External Interface (RED)
LAN2: 10.10.254.0/27 Firewall B Green Interface ; primary lan
LAN3/LAN4 are also on Firewall B but not relevant to this.

So:

(vpn user 10.10.0.0) --> (public-ip-firewall a-192.168.254.1) --> (192.168.254.2-Endian firewall-10.10.254.1) --> (green network-10.10.254.0)

Basically NAT should not be required to access the internal network (green) from the VPN. Ideally if routing is working and I am able to open up a firewall rule allowing traffic in, it should work just fine.

Firewall A: WAN connectivity and primary filtering
Firewall B: Http proxy, ids, has various networks going into it, QoS...etc.

Thoughts?

Thanks!