SSG-5: Port Forward through VPN Tunnel?

  • Hello everybody!

    I searched the forum for quite a while but couldn't find anything regarding my problem.
    My colleague, who always managed our firewall, left the company spontaneously. I knew
    this day would come, but I had hoped it wouldn't be that fast. Now there are some changes
    to be done and I'm the poor guy left in charge.

    But for the problem:
    We have a working firewall-to-firewall VPN tunnel with a customer of ours. Everything is working fine so far.
    But now we need to let a specific server/service reach a computer within our LAN on ports 70 to 75.

    1. I'm not allowed to change the existing tunnel!
    2. My boss is totally against a bidirectional tunnel, because of security issues.
    3. If possible I don't want to trouble our customer to make changes to his configuration.

    Is there any way for me to solve this problem without changing one of the three?
    If you need more information regarding the tunnel, the interfaces or anything else, please let me know!

    Thank you very much in advance!


  • What type of tunnel do you have set up? Create a policy to allow <tunnel zone> to <destination zone> with dst <server> and a custom service or service group.
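What such a policy looks like on the ScreenOS CLI, as an added example that is not part of either post above. It assumes a route-based VPN whose tunnel interface is bound to a zone named "VPN", that the internal host sits in "Trust", and it uses hypothetical addresses (customer server 10.20.30.40, internal host 192.168.10.20) and a hypothetical policy id 100; substitute your own zone names and addresses. The tunnel itself is not touched: only address-book entries, a custom service and one policy are added.

```screenos
# --- Address-book entries (hypothetical hosts; one /32 each, not "Any") ---
set address "VPN"   "Customer-Server" 10.20.30.40   255.255.255.255
set address "Trust" "Internal-Host"   192.168.10.20 255.255.255.255

# --- Custom service covering TCP ports 70-75 only ---
# src-port is left open (0-65535); dst-port is restricted to the range needed.
set service "TCP-70-75" protocol tcp src-port 0-65535 dst-port 70-75

# --- One policy from the tunnel zone into Trust, source and destination pinned ---
# Connections may only be INITIATED from the customer side toward the internal host;
# replies flow back through the stateful session table, so no reverse policy is needed.
set policy id 100 from "VPN" to "Trust" "Customer-Server" "Internal-Host" "TCP-70-75" permit log

save

# --- Checks after saving ---
get policy id 100                 # confirm zones, addresses, service and action
get session src-ip 10.20.30.40    # watch for sessions while the customer tests
```

The policy is deliberately narrow: a single source host, a single destination host and a service limited to the six ports, rather than "Any". If the existing tunnel is policy-based rather than route-based, the traffic selector lives inside the tunnel policy itself and cannot be extended without changing that policy, which is why the reply asks which type of tunnel is in place.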