Frontend and Backend firewall rules needed for SSTP VPN with UAG in DMZ only networks??

  • Question

  • We want to set up SSTP VPN.  Our UAG server will have one NIC in the public DMZ, and another NIC in the internal DMZ.  It will not have a NIC connected to the internal corp network.  This UAG server will be joined to a DMZ AD Domain, not the internal corp AD domain.  There will be trust between the two domains however as this is supported with UAG.

    My question is what firewall rules do I need to allow for clients to have full access to the internal corp network via SSTP VPN?

    Thursday, October 27, 2011 8:39 PM


  • Hi Amig@. From Internet to the External interface of UAG only HTTPS is needed. From Private DMZ to the corp Intranet the traffic will depend on what you want the VPN users to have access to. In the widest scenario you should allow Any from the VPN address range pool to the corp intranet. If the users only need access to certain servers/applications limit that traffic in the internal firewall to match that access.
    // Raúl - I love this game
    • Edited by RMoros Friday, October 28, 2011 7:21 AM
    • Marked as answer by philldogger Monday, October 31, 2011 6:57 PM
    Friday, October 28, 2011 7:20 AM
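The two firewall tiers described in the answer, modelled as a small first-match rule evaluator so the "widest" pool-to-intranet rule can be compared with a least-privilege variant. This is an added example, not code from the thread or from UAG; every address, pool range, server and port below is a constructed placeholder (TEST-NET and RFC 1918 space), and the rule names are hypothetical.

```python
"""Model of the two firewall tiers for an SSTP VPN terminated on a UAG box.

Tier 1, Internet -> UAG external NIC: only HTTPS (TCP/443), since SSTP
carries PPP inside a TLS session on 443.
Tier 2, private DMZ -> corp intranet: source is the VPN client address pool.
The 'widest' variant allows any traffic from the pool; the least-privilege
variant allows only the named servers/ports the VPN users actually need.

All addresses, ranges and names are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology (placeholders, not from the thread).
UAG_EXTERNAL_NIC = "203.0.113.10/32"   # public DMZ address of UAG
VPN_POOL = "10.200.0.0/24"             # addresses handed to SSTP clients
CORP_INTRANET = "10.0.0.0/8"           # internal corp network behind the inner firewall
FILE_SERVER = "10.0.1.20/32"           # hypothetical server VPN users need
CORP_DC = "10.0.1.5/32"                # hypothetical corp domain controller


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # CIDR of allowed source
    dst: str               # CIDR of allowed destination
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port
    action: str            # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", proto)
            and (self.dport is None or self.dport == dport)
        )


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str,
             proto: str, dport: int) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits an implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Tier 1: outer firewall. Only HTTPS reaches the UAG external interface.
EXTERNAL_RULES = [
    Rule("internet-to-uag-https", "0.0.0.0/0", UAG_EXTERNAL_NIC, "tcp", 443, "allow"),
]

# Tier 2a: inner firewall, 'widest scenario' from the answer.
INTERNAL_RULES_WIDE = [
    Rule("vpn-pool-to-corp-any", VPN_POOL, CORP_INTRANET, "any", None, "allow"),
]

# Tier 2b: inner firewall limited to what the VPN users actually need.
INTERNAL_RULES_LEAST_PRIV = [
    Rule("vpn-pool-to-fileserver-smb", VPN_POOL, FILE_SERVER, "tcp", 445, "allow"),
    Rule("vpn-pool-to-dc-ldap", VPN_POOL, CORP_DC, "tcp", 389, "allow"),
    Rule("vpn-pool-to-dc-dns", VPN_POOL, CORP_DC, "udp", 53, "allow"),
]


def check_flow(rules: List[Rule], src_ip: str, dst_ip: str,
               proto: str, dport: int) -> str:
    """Convenience wrapper returning just allow/deny for a sample flow."""
    return evaluate(rules, src_ip, dst_ip, proto, dport)[0]


if __name__ == "__main__":
    samples = [
        ("outer", EXTERNAL_RULES, "198.51.100.7", "203.0.113.10", "tcp", 443),
        ("outer", EXTERNAL_RULES, "198.51.100.7", "203.0.113.10", "tcp", 1723),
        ("inner-wide", INTERNAL_RULES_WIDE, "10.200.0.25", "10.0.7.9", "tcp", 3389),
        ("inner-lp", INTERNAL_RULES_LEAST_PRIV, "10.200.0.25", "10.0.7.9", "tcp", 3389),
        ("inner-lp", INTERNAL_RULES_LEAST_PRIV, "10.200.0.25", "10.0.1.20", "tcp", 445),
        ("inner-lp", INTERNAL_RULES_LEAST_PRIV, "10.100.0.10", "10.0.1.20", "tcp", 445),
    ]
    for tier, rules, s, d, p, port in samples:
        print(tier, s, "->", d, p, port, evaluate(rules, s, d, p, port))
```

The last sample shows the point of scoping the inner rules to the VPN pool rather than to the whole private DMZ: a host in the private DMZ that is not a VPN client (here a constructed 10.100.0.10) gets no path into the intranet from these rules at all.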