This is basically a tunnelling encapsulation, so the traffic between the two VPN endpoints goes through port 443.
In bridge mode it is short-circuited; however, in TRP mode, since this is a reverse proxy on top of bridge, we cannot short-circuit before we have headers, and since in RDP there are no headers, we block the traffic.
Thanks,
Eyal
------------------------------
Eyal Gur
------------------------------
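The difference Eyal describes (a bridge can short-circuit a stream it does not understand, while a reverse proxy has nothing to route until it has seen a complete HTTP request head) can be modelled with a small classifier over the first decrypted bytes of a client stream. This is an added illustration, not Imperva's code or any description of how the WAF GW is implemented; the function names, the sample HTTP request and the sample RDP bytes (a TPKT header followed by an X.224 Connection Request, which is how an RDP session opens) are constructed for the example.

```python
import re

# Request methods a proxy would accept on the request line (RFC 9110 plus
# a couple of common WebDAV verbs); anything else is treated as non-HTTP.
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS",
                b"PATCH", b"CONNECT", b"TRACE", b"PROPFIND", b"MKCOL"}

# Shape of a complete HTTP/1.x request line.
REQUEST_LINE = re.compile(rb"^([A-Z]+) [^ \r\n]+ HTTP/1\.[01]\r\n")

# Constructed sample inputs (not captures from the thread's deployment).
SAMPLE_HTTP = (b"GET /welcome.html HTTP/1.1\r\n"
               b"Host: vpn.example.com\r\n"
               b"\r\n")
# TPKT (03 00, length 0x13) + X.224 Connection Request carrying an RDP
# negotiation request. No request line, no headers: it can never be HTTP.
SAMPLE_RDP = bytes.fromhex("0300001 30ee000000000000 1000800030000 00".replace(" ", ""))
SAMPLE_PARTIAL = b"GET /"


def classify_decrypted_stream(data: bytes) -> str:
    """Decide what a header-aware reverse proxy can do with the bytes seen so far.

    Returns:
      "need-more-data" - could still become HTTP; keep buffering
      "http"           - complete request head seen; the proxy can route it
      "non-http"       - cannot be HTTP; there is nothing to route
    """
    if not data:
        return "need-more-data"
    # TPKT version 3 / reserved 0 is the start of every RDP connection;
    # decide immediately rather than waiting for headers that never come.
    if data[:2] == b"\x03\x00":
        return "non-http"
    # Whatever we have must still be a prefix of a valid method token.
    head = data.split(b"\r\n", 1)[0]
    first_token = head.split(b" ", 1)[0]
    if not any(m.startswith(first_token) for m in HTTP_METHODS):
        return "non-http"
    # The request head ends at the first empty line; until then, keep buffering.
    if b"\r\n\r\n" not in data:
        return "need-more-data"
    return "http" if REQUEST_LINE.match(data) else "non-http"


def handle_connection(data: bytes, mode: str) -> str:
    """Model the two deployment modes discussed in the thread.

    bridge: a stream that is not HTTP is short-circuited (passed through
            uninspected) instead of being dropped.
    trp:    a reverse proxy can only forward once it has a request head, so a
            stream that can never produce one is blocked.
    """
    verdict = classify_decrypted_stream(data)
    if mode == "bridge":
        return "inspect" if verdict == "http" else "short-circuit"
    if mode == "trp":
        return {"http": "forward",
                "need-more-data": "buffer",
                "non-http": "block"}[verdict]
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("rdp", SAMPLE_RDP), ("partial", SAMPLE_PARTIAL)):
        print(f"{name:8s} bridge={handle_connection(sample, 'bridge'):14s} "
              f"trp={handle_connection(sample, 'trp')}")
```

Running it shows the asymmetry from the thread: the same RDP bytes come out as `short-circuit` in bridge mode and `block` in TRP mode, while a partial HTTP request is merely buffered by the proxy. The port-based bridging rule quoted from the user guide does not help here because the RDP session is carried inside the same port-443 TLS tunnel as the VPN's HTTP traffic, so it is never seen as port 3389 traffic by the WAF.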
Original Message:
Sent: 06-24-2020 11:57
From: Fred Percynski
Subject: SSL VPN behind on-prem WAF
Hi,
I am aware that "officially" the VPN connections are not supported by the WAF GW. However, when we use the WAF GW in bridged mode everything works perfectly fine. Do you have any insight about what the WAF GW is doing in TRP mode that causes RDP traffic to break?
Also according to the notes in this document (https://docs.imperva.com/bundle/v12.6-web-application-firewall-user-guide/page/3097.htm?_ga=2.135997874.2047178774.1593008236-538298162.1586896570) "All traffic not directed to one of the specified Ports on Server IP address is bridged and inspected according to the server group, service and application applied rules.". The only port we have added to the Server IP is 443. Since RDP is using port 3389 shouldn't that traffic be bridged?
------------------------------
Fred Percynski
Third Federal Savings and Loan
Cleveland OH
Original Message:
Sent: 06-23-2020 09:42
From: Eyal Gur
Subject: SSL VPN behind on-prem WAF
Hi,
VPN connections are NOT supported by our WAF GW - as mentioned in this KB - https://www.imperva.com/sign_in.asp?retURL=/articles/Reference/Does-Imperva-WAF-support-VPN-traffic
When we detect the RDP protocol we block it as a non-HTTP protocol. In bridge mode (TRP the same) we are unable to decrypt the traffic, so we just short-circuit it.
Thanks,
Eyal
------------------------------
Eyal Gur
Original Message:
Sent: 06-22-2020 16:28
From: Fred Percynski
Subject: SSL VPN behind on-prem WAF
Looking for advice on how to troubleshoot a problem when using Securesphere on-prem WAF in Transparent Reverse Proxy mode.
We have a Pulse Secure SSL VPN appliance connected to the WAF. A user on the Internet initiates an http connection to the VPN appliance. This traffic goes through the WAF and then to the VPN appliance. Once logged into the VPN the user clicks a link to initiate an RDP session to an internal workstation. The RDP traffic also goes back through the WAF to reach the internal network. When the WAF is running in bridged mode the RDP session works fine. But when the WAF is running in TRP the RDP session is never established. Something on the WAF is blocking the RDP traffic and I don't have enough experience to know where to look or how to troubleshoot. Any ideas are appreciated.
I'm aware of Imperva's official position that they don't support VPN products because they can't "speak" VPN. But the fact is we get a lot of value by having the WAF protect the VPN site. The WAF blocks known malicious IPs, etc. So we would like to continue using the WAF but need it to work in TRP. The reason for switching from bridged mode to TRP is to allow the VPN to use DHE ciphers.
-Fred
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Fred
------------------------------