Ingress NAT Rule on TCP Port 443 Triggers Warning

When you create an ingress NAT rule on TCP port 443, the TCP port 443 fallback is disabled and a warning is issued.

Warning: This rule will disable falling back to TCP port 443 for SecureEdge agents that cannot establish a connection otherwise.

Fallback is useful in scenarios where UDP traffic is blocked or traffic to port 691 is restricted; in such environments, the TCP 443 fallback maintains connectivity that would otherwise fail.


SecureEdge implements a conditional fallback for VPN to port 443:

  • If the appliance is configured as a Private PoP and no inbound NAT rule includes port 443, VPN fallback to port 443 is enabled.

  • If an inbound NAT rule on TCP port 443 exists, it conflicts with the TCP port 443 VPN tunnel fallback used by the SecureEdge agent, and the VPN server automatically stops listening on port 443 to avoid the collision. The fallback is disabled as soon as a TCP port 443 ingress NAT rule is created.

Note: An inbound NAT rule using TCP port 443 disables the port 443 fallback for the SecureEdge Access Agent.
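
A pre-change check for the condition above, as an added example that is not Barracuda code: it scans a list of ingress NAT rules for entries that include TCP port 443 and reports whether the fallback would stay enabled. The rule fields, the port-list syntax, the treatment of port ranges as including 443, and a Private PoP appliance are assumptions.

```python
# Added example. The rule schema is constructed for illustration and is
# not the SecureEdge configuration or export format.
from dataclasses import dataclass

FALLBACK_PORT = 443  # TCP port used by the agent's VPN fallback


@dataclass
class IngressNatRule:
    name: str
    protocol: str  # "TCP" or "UDP"
    ports: str     # assumed syntax: "443", "80, 443", "400-500"


def covers_port(spec: str, port: int) -> bool:
    """True if a comma-separated list of ports and ranges includes `port`."""
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        low = int(lo)
        high = int(hi) if hi else low
        if low <= port <= high:
            return True
    return False


def conflicting_rules(rules):
    """Ingress NAT rules that include TCP port 443 (ranges count: assumption)."""
    return [r for r in rules
            if r.protocol.upper() == "TCP" and covers_port(r.ports, FALLBACK_PORT)]


def fallback_enabled(rules) -> bool:
    """On a Private PoP: enabled only if no ingress NAT rule includes TCP 443."""
    return not conflicting_rules(rules)


# Constructed sample rule set
SAMPLE_RULES = [
    IngressNatRule("mail-relay", "TCP", "25,587"),
    IngressNatRule("dns", "UDP", "53"),
    IngressNatRule("udp-443", "UDP", "443"),
    IngressNatRule("web-portal", "TCP", "80, 443"),
    IngressNatRule("app-range", "TCP", "400-500"),
]

if __name__ == "__main__":
    print("fallback enabled:", fallback_enabled(SAMPLE_RULES))
    for r in conflicting_rules(SAMPLE_RULES):
        print(f"  conflict: {r.name} ({r.protocol} {r.ports})")
```

Running the check before adding a rule shows which entry would remove the fallback for agents on networks where UDP or port 691 is blocked.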

Ingress NAT Rule

Example Screenshot for Ingress NAT Rule on TCP Port 443
  • The following warning message is displayed for an ingress NAT rule configured with destination criteria on TCP port 443:

port-443.png
Example Screenshot of Ingress NAT Rule Selecting Custom Application with TCP Port 443
  • For an ingress NAT rule, selecting target criteria as an application/resource with TCP port 443 triggers the following warning message:

appon443.png

 

 

 

