Forum Discussion

Colin_Bowern_15's avatar
Colin_Bowern_15
Icon for Nimbostratus rankNimbostratus
Apr 24, 2014

Accessing Server Resources from AppTunnel

If I publish an application tunnel on FirePass that exposes SERVERA with IP address 10.0.0.25 on the internal network, what should the client application that is launched using the application tunnel use to connect to that server?

 

APM
deployment
firepass
microsoft
security

7 Replies

Sort By
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Apr 24, 2014

    Firepass: The apptunnel component will be bind to 127.x, so it'll be a loopback IP. You can click the little + in the small blue and pink window that holds the activex control for the apptunnel, and the address will be listed there. Alternatively, you can use %host% and %port% in the apptunnel definition to determine this dynamically and launch a program with these parameters. Then you never need to worry about it. Alternatively, you can use a hostname instead of an IP address in the apptunnel definition. Then the client program can connect to the hostname. Then you also never need to worry about it.

     

    • Colin_Bowern_15's avatar
      Colin_Bowern_15
      Icon for Nimbostratus rankNimbostratus
      Apr 24, 2014
      From the application portal I click the app tunnel link, a window pops up, disappears then the app launches. I'm trying to find that little + that you are referring to and I can't see anything unless it was in the window that gets closed. I am looking at how to tell Visual Studio the TFS server using the command line but it isn't straightforward - is there any other way to look up that address from the client side?
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Apr 24, 2014

    Perhaps it's configured to minimize to the systray. Look for a little red f5 ball icon there.

     

    You can also look at (in windows) %temp%\logterminal.txt , it'll be logged in that file.

     

    Or netstat -l.

     

    • Colin_Bowern_15's avatar
      Colin_Bowern_15
      Icon for Nimbostratus rankNimbostratus
      Apr 24, 2014
      netstat -ab gave me some IP addresses and ports to try, but none of them connected with the server on the other side. Found the window hidden in the system tray but it just shows a DynTunnels tab with no IP information. The logs didn't reveal anything either.
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Apr 24, 2014

    ah, ok.

     

    Firepass has three different apptunnel modes. static, dynamic, and web.

     

    dynamic uses detours to hook the winsock calls from your application. It's not 100% compatible with everything, and does not create any local listeners. You have to launch your application explicitly using the parameters in the configuration. Once the application launches a winsock connection, it will be sent over to the Firepass for proxying.

     

    web apptunnels is similar, but iexplore is hooked instead of an arbitrary program, it's then sent to your web URL.

     

    static uses a local listener. It's the simplest to use and most compatible, but you can only set up a limited number of host:port listeners (the limit is somewhere around 40).

     

    Recommend you switch to static instead and give it a go.

     

  • Robert_47833's avatar
    Robert_47833
    Icon for Altostratus rankAltostratus
    Mar 11, 2015

    I published app tunnel for ssh in APM,met simliar issue after Mac client connected to tunnel,it listen on localhost:1024,1025 and so on I don't know how to make it work now......

     

    I want user to type "ssh real-ssh-server-ip" and access the backend ssh server

    how to do this?

     

    Alternatively, you can use %host% and %port% in the apptunnel definition to determine this dynamically and launch a program with these parameters.