Security

Reply
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Issues accessing VDI through Guest Network

Hello Guys, 

 

I am wondering if somone can help me with this. I am working on resolving an issue, where users connected to the Guest network are having issues accessing VDI's which are hosted in company's internale network. I have added the vmaware predefined acl for the Guest profile. I can get to the logon portal, but once I have signed in the VDI does not come up. 

 

I am pretty sure that I am missing some config here, any help will be appreciated!

 

Thanks 

Ali

Guru Elite
Posts: 20,332
Registered: ‎03-29-2007

Re: Issues accessing VDI through Guest Network

If you haven't opened a TAC case, please open one in parallel.  The VDI acl is for optimizing VDI traffic, not allowing it, so you need to look at your routing infrastructure and Vmware documentation about what ports are needed to be allowed to run VDI successfully.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Issues accessing VDI through Guest Network

Hi Colin, 

 

Thanks for your comment. I will open the TAC case shortly. I am able to access the VDI through internal network/SSID's. The issue only appears when I am connected to Guest network. I have allowed the address/url and IP for the terminal servers in the acl. I am able to login to the vmware portal and select the VM pool but thats where i am stuck at this point VM should load up but I am just getting a blank screen. 

 

Thanks

 

Ali

 

 

Guru Elite
Posts: 20,332
Registered: ‎03-29-2007

Re: Issues accessing VDI through Guest Network

Is the guest network natted? What is allowed from your guest network back into your network for vdi?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Issues accessing VDI through Guest Network

Hi, 

 

Guest network is going out to the internet from a different gateway then the internal network. I only have access to the controllers at the moment so cant check the firewall to confirm what is allowed from the guest network to internal/VDI network. But i think it should work because Guest is accessing the VDI port from outside. 

 

Ali

 

 

Guru Elite
Posts: 20,332
Registered: ‎03-29-2007

Re: Issues accessing VDI through Guest Network

Without knowing the firewall configuration, we might be at a significant disadvantage. Why don't you change your guest role to allow everything, to rule out blocked ports?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Issues accessing VDI through Guest Network

Hi, 

 

so changed Guest role and added allow all and can access the VDI now. But I dont want to the Guest traffic to all internal resources..Is there any way for me to check which port the connection is using? or to figure out which port to allow?

 

Ali

Guru Elite
Posts: 7,991
Registered: ‎09-08-2010

Re: Issues accessing VDI through Guest Network

The command below will show you all of the traffic for that client:

 

show datapath session table <client-ip>

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 28
Registered: ‎07-22-2015

Re: Issues accessing VDI through Guest Network

okkk.I have the IP which I have to allow now, it is using port 8443. How can I allow a specifci port on the controller? 

 

Thanks for your help!

Ali

Guru Elite
Posts: 20,332
Registered: ‎03-29-2007

Re: Issues accessing VDI through Guest Network

You configure firewall policies in the user role (in this case guest).  A chapter on how to configure them is here:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Policies.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: