A User Cannot Access Intranet Resources Through a Enabled with the Port Forwarding Service

A user cannot access intranet resources with the port forwarding service.

Cause 1: The network between the SSL VPN gateway and an intranet server was faulty.

Cause 2: The port forwarding service was not enabled.

Cause 3: The user connection timed out.

Cause 4: The service port that connected the intranet server to the SSL VPN gateway was not enabled.

Cause 5: Security policies were configured incorrectly.

Cause 6: The user host did not have the default gateway configured.

• Cause 1: The network between the SSL VPN gateway and an intranet server was faulty.
  1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Monitor > Diagnosis Center.
  2. Click the Ping icon. In Host Name or IP Address, enter the intranet server IP address.

  3. Click Ping to check the network connectivity.

     If the IP address cannot be pinged, the network between the SSL VPN gateway and the intranet server is faulty. Verify the connections between the SSL VPN gateway and intranet server and the routing configurations.

• Cause 2: The port forwarding service was not enabled.

  Log in to the SSL VPN gateway. If Enable is displayed under Port Forwarding, the port forwarding service is not enabled. Click Enable.

• Cause 3: The user connection timed out.

  Log in to the SSL VPN gateway. If Enable is displayed under Port Forwarding, the port forwarding service is not enabled. Click Enable. If the system returns to the login page, re-log in to the SSL gateway and enable the port forwarding service.

• Cause 4: The service port that connected the intranet server to the SSL VPN gateway was not enabled.
  1. Log in to the intranet server and choose Start > Run. The Run dialog box is displayed.
  2. Enter cmd and click OK.

  3. In the displayed CLI, run the netstat -anp tcp command to check whether the service port is in the listening state.

     • If yes, the service port is enabled.

     • If no, the service port is not enabled. Then enable it.

• Cause 5: Security policies were configured incorrectly.
  1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Policy > Security Policy > Security Policy.
  2. In the displayed page, check the security policy configuration. If there is a security policy that disables the user from using the port forwarding resource, change this security policy.

• Cause 6: The user host did not have the default gateway configured.

  When the user uses the port to forward services, if the host does not have the default gateway configured, the service may be abnormal.