UNABLE TO HTTPS TO PUBLIC IP ADDRESS OF X5 OVER IPSEC TUNNEL

Symptoms:

• Unable to https to public IP address of X5 over IPSec tunnel

Facts:

• X Family
• X5
• X506
• Firewall
• https
• http
• External IP Address
• Firewall rules and services all WAN to this device
• Login page does not appear

Causes: If you are located on the LAN and attempt to https: to the external IP address of a remote X5 or X506 over an IPsec tunnel , the login page will not appear. If the external address is the vpn tunnel peer (show vpn ipsec), The firewall will use the tunnel interface to send the packet. The firewall will not use the default gateway. This can be verified by disabling the SA and then attempting to https: to the remote external IP address.

Fixes: https to the remote LAN IP address to manage the device.

• Product(s): X Family

— David Gonzalez 2021/04/16 09:18