SSL VPN cannot working when LAN interface choosed using Sub-interface (VLAN)

Darjo Lv1Posted 22 Dec 2023 02:46

is SSL VPN in NGAF cannot support when we used Sub interface(VLAN) ?

By solving this question, you may help 806 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

ArsalanAli Lv3Posted 26 Dec 2023 17:36
  
Yes, SSL supports  Sub-Interfaces on WAN sites


Enrico Vanzetto Lv4Posted 27 Dec 2023 01:16
  
Hi, no problem to use ssl vpn to reach some sub networks (vlan) in your environment. You have to adjust traffic rules in order to define where vpn ssl users can go (in order to permit/exclude reaching some networks related to your vlan)
Newbie517762 Lv5Posted 27 Dec 2023 09:57
  
HiHi,

SSL VPN cannot be deployed on virtual interfaces.
For SSL VPN:
The LAN or WAN interface under Deployment doesn’t support the VLAN interface.
It only supports the physical interface or Sub-Interface (It only supports the WAN interface).
Adam Suhail Lv1Posted 27 Dec 2023 10:16
  
at the deployment of ssl vpn can choose specific interface
mdamores Posted 27 Dec 2023 11:57
  
SSL VPN only support physical interface or sub-interface it cannot be used on virtual interfaces.
jerome_itable Lv3Posted 28 Dec 2023 09:47
  
Here are some of the considerations for using SSL VPN with sub interfaces (VLANs) in NGAF:

Compatibility and Configuration:

    General Support: Most NGAFs support SSL VPN with sub interfaces, but specific configurations and limitations may vary depending on the vendor and model.
    Thorough Documentation Review: Always consult your NGAF's documentation for precise guidance and configuration steps.

Potential Considerations:

    VLAN Configuration:
        Ensure correct VLAN configuration on both the NGAF and the interface.
        Verify that the SSL VPN configuration is aware of and uses the appropriate VLAN.
    Routing:
        Confirm proper routing between the sub interface and other network segments to guarantee VPN traffic flow.
    Access Control:
        Implement appropriate access control rules on the NGAF to manage VPN traffic based on VLAN membership.
    NAT:
        If Network Address Translation (NAT) is involved, consider its configuration and potential impact on VPN traffic.
    Performance:
        Sub interfaces can introduce some overhead, so assess potential performance impacts, especially for high-traffic VPNs.
        Monitor resource usage and adjust configurations if needed.

Best Practices:

    Planning and Testing:
        Carefully plan the SSL VPN deployment with sub interfaces, considering network design, security requirements, and performance implications.
        Conduct thorough testing in a non-production environment to ensure compatibility and functionality before deployment.
    Vendor Support:
        If unsure, consult your NGAF vendor's support for best practices and troubleshooting specific to your setup.

Additional Information:

    Specific NGAF Details: For more tailored guidance, please provide the vendor and model of your NGAF.
    Diagrams and Visuals: If you have access to network diagrams or configuration examples, sharing them could facilitate a more accurate assessment.
Farina Ahmed Lv5Posted 30 Dec 2023 17:56
  
In certain network configurations, SSL VPNs might encounter limitations when deployed over subinterfaces or VLANs due to potential complexities in routing and encapsulation. While SSL VPNs can function across VLANs with proper configuration and routing settings, certain firewall or NGAF (Next-Generation Application Firewall) setups might pose challenges when handling traffic traversing VLANs, leading to issues with SSL VPN functionality. These challenges could arise from misconfigured routing, improper handling of VLAN tagging, or limitations within the NGAF system itself, potentially causing difficulties in passing SSL VPN traffic across subinterfaces or VLANs within the network architecture. Therefore, thorough configuration analysis and potential adjustments within the NGAF and VLAN settings might be necessary to enable proper SSL VPN support across subinterfaces or VLANs.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders