A generic tunnel is made up of multiple SSL tunnels that forward the TCP traffic of the remote service. The local port used by the SSL tunnel can be configured statically or chosen by the SSL VPN service when the SSL tunnel is enabled. Ensure that you do not have any local services listening on the ports assigned to the SSL tunnels. You can only tunnel TCP connections.
Before You Begin
- Enable SSL VPN and CudaLaunch. For more information, see CloudGen Firewall Configuration for CudaLaunch.
- If you are assigning a fixed local port, verify that the port is not already in use.
Create a Generic Tunnel
Configure a resource containing one or more SSL tunnels that forward the TCP traffic of the remote service. Access to tunnel resources can be limited by user group.
- Go to VPN > SSL VPN.
- Click the Resources tab.
- In the Generic Tunnels section, click Generic Tunnel. The Add Generic Tunnel window opens.
- Set Enable to Yes.
- (optional) Click Browse to upload a PNG file for the web portal. It must be less than 30 kB and no larger than 80x80 pixels.
- In the Name field, enter the visible name for the tunnel resource. This is the name used in the web portal for this resource.
- For each port you want to forward, add an SSL tunnel:
  - Enter the Name.
  - Configure the SSL tunnel settings:
    - Server Host – Enter the IP address, hostname, or FQDN of your internal server.
    - Application TCP Port – Enter the port the service on the internal server is listening on.
    - Client Loopback TCP Port – Enter the local port the SSL tunnel listens on. Enter 0 for the firewall to select a random port.
  - Click + to add the SSL tunnel.
- (optional) To restrict access to this generic tunnel based on user groups, remove the * and add Allowed User Groups. Click + after each entry.
- Click Save.
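A pre-flight check for fixed Client Loopback TCP Ports, as an added example that is not part of the Barracuda documentation or tooling: run on the client device, it tries to bind each planned port and reports collisions with local services. The field names, the sample plan, the duplicate check, and the use of 127.0.0.1 as the listen address are assumptions made for this sketch.

```python
import errno
import socket

def probe(port, host="127.0.0.1"):
    """Try to bind host:port. Returns 'free', 'in-use' or 'unbindable'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))  # no SO_REUSEADDR: an existing listener must fail the bind
        except OSError as e:
            # Anything other than EADDRINUSE (e.g. a privileged port) is reported separately.
            return "in-use" if e.errno == errno.EADDRINUSE else "unbindable"
    return "free"

def check_tunnels(tunnels):
    """Return [(tunnel name, loopback port, finding)] for a planned generic tunnel."""
    seen, report = {}, []
    for t in tunnels:
        name, port = t["name"], t["loopback_port"]
        if port == 0:
            finding = "dynamic"  # 0 = the firewall selects a random port
        elif not 1 <= port <= 65535:
            finding = "invalid"
        elif port in seen:
            # Assumption: all SSL tunnels listen on the same loopback address.
            finding = "duplicate of " + seen[port]
        else:
            seen[port] = name
            finding = probe(port)
        report.append((name, port, finding))
    return report

if __name__ == "__main__":
    # Constructed sample plan; hosts and ports are placeholders.
    PLAN = [
        {"name": "rdp", "server_host": "10.0.10.20", "app_port": 3389, "loopback_port": 13389},
        {"name": "ssh", "server_host": "10.0.10.21", "app_port": 22, "loopback_port": 13389},
        {"name": "web", "server_host": "intranet.example.internal", "app_port": 443, "loopback_port": 0},
    ]
    for name, port, finding in check_tunnels(PLAN):
        print(f"{name:5} loopback {port:<6} {finding}")
```

Any finding other than free or dynamic means the fixed port should be changed before the tunnel is saved.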
Tunnels in CudaLaunch
Tunnels are available only in CudaLaunch. To enable or disable the tunnel, go to the Tunnels tab and click the tunnel icon. The gray or green status icon shows the state of the tunnel.