Port Tunnels; Configuring An Http Tunnel Client - McAfee SG310 Administration Manual


VPN menu features

Port tunnels

If you can ping across the tunnel, then check if the MTU of the IPSec interface is allowing packets to go
through. Reduce the MTU if large packets are not being sent through the tunnel.
If the application is still not working across the tunnel, then the problem is with the application. Check
that the application uses IP and does not use broadcast packets since these are not sent across the
IPSec tunnels. Contact the producer of the application for support.
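The MTU check described above can be done by pinging across the tunnel with the Don't Fragment bit set and searching for the largest size that is still answered. The script below is an added example, not part of the McAfee guide; it assumes a Linux host with iputils ping, and 192.0.2.10 is a placeholder for a host on the far side of the tunnel.

```shell
#!/bin/sh
# Added example: find the largest packet that crosses the tunnel unfragmented.
# Assumes Linux iputils ping, where "-M do" sets the Don't Fragment bit.

# probe SIZE HOST: succeeds if one echo with SIZE payload bytes and DF set is answered.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [MIN_PAYLOAD] [MAX_PAYLOAD]
# Binary-searches the ICMP payload size and prints the resulting IPv4 MTU
# (payload + 8 bytes ICMP header + 20 bytes IPv4 header).
# Prints 0 and returns 1 if even the smallest probe fails
# (tunnel down, or ICMP filtered on the path).
find_path_mtu() {
    mtu_host=$1
    mtu_lo=${2:-548}     # 548 + 28 = 576, a conservative floor
    mtu_hi=${3:-1472}    # 1472 + 28 = 1500, the usual Ethernet MTU
    if ! probe "$mtu_lo" "$mtu_host"; then
        echo 0
        return 1
    fi
    while [ "$mtu_lo" -lt "$mtu_hi" ]; do
        mtu_mid=$(( (mtu_lo + mtu_hi + 1) / 2 ))
        if probe "$mtu_mid" "$mtu_host"; then
            mtu_lo=$mtu_mid              # this size passed; try larger
        else
            mtu_hi=$(( mtu_mid - 1 ))    # too large (or lost); try smaller
        fi
    done
    echo $(( mtu_lo + 28 ))
}

# Usage: sh pmtu.sh 192.0.2.10   (placeholder address of a remote host)
if [ "$#" -ge 1 ]; then
    find_path_mtu "$1"
fi
```

A probe lost to ordinary packet loss is read as "too large", so run the search more than once before lowering the MTU of the IPSec interface to the reported value.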
Port tunnels
Port tunnels are point-to-point tunnels similar to regular VPNs, but only offer transport for a TCP service
from one end of the tunnel to the other. This allows you to wrap a TCP service, such as Telnet or mail
retrieval (POP3), in an HTTP or SSL connection. A single port tunnel can transport a single TCP port only.
The UTM Firewall appliance supports two kinds of port tunnels:
• HTTP tunnels (unencrypted)
• SSL tunnels (encrypted)
HTTP Tunnels are port tunnels that send data using the HTTP protocol and are not encrypted. HTTP tunnels
can be useful when the appliance is behind a firewall that only allows outgoing HTTP connections and blocks
all other traffic.
SSL Tunnels are port tunnels that send data using an encrypted SSL pipe. In order to use an SSL tunnel,
you must first install an SSL certificate. For further information, see Certificates for HTTPS. SSL tunnels can
be useful for encrypting TCP services that are by themselves unencrypted, such as a Telnet or FTP session.
The end of the port tunnel that is offering the TCP service (such as a Telnet or FTP server) must be
configured as a Tunnel Server. The end of the port tunnel that is accessing the TCP service must be
configured as a Tunnel Client.
You can create nested tunnels, such as a secure SSL tunnel over an HTTP tunnel. For more information, see
Creating nested port tunnels.
The following procedures are provided in this topic:
• Configuring an HTTP tunnel client
• Configuring an HTTP tunnel server
• Configuring an SSL tunnel client
• Configuring an SSL tunnel server
Configuring an HTTP tunnel client
Use this procedure to configure an HTTP tunnel client that corresponds to an HTTP tunnel server.
1 From the VPN menu, click Port Tunnels. The Port Tunnels page appears (Figure 317).
Figure 317 Port Tunnels page
2 Select HTTP Tunnel Client from the tunnels list and click Add. The HTTP Tunnel Client page appears
(Figure 318).
McAfee UTM Firewall 4.0.4 Administration Guide


This manual is also suitable for:

Sg560, Sg560u, Sg565, Sg580
