Hello

I have the following problem: if I try to connect from our internal network behind a UTM-9 to a foreign UTM-9 (or other firewall) via VPN, the connection fails with the following error:

Wed Apr 24 14:34:48 2019 TCP: connect to [AF_INET]212.xx.xxx.xxx.xxx:4443 failed, will try again in 5 seconds: The system tried to assign a drive with SUBST to a directory located on a drive mapped with JOIN.

Here is a small diagram of what I'm trying to achieve:
Does anyone know what settings I need to adjust?

Kind regards
Didier

Translated with www.DeepL.com/Translator
The VPN connection might fail because your firewall does not allow a connection on port 4443.
Do you have a firewall rule that allows this kind of traffic?
In reply to DKKDG:
Do you mean this setting?
Or is there another port to open?
In reply to DidierCH:
This is just the configuration where you set the port on your UTM where clients try to connect via VPN.
You have to go to Network Protection -> firewall and add a rule for allowing tcp 4443 to the external ip of the foreign utm.
Thank you. Thought about that. I have another related question: would it be dangerous to open the TCP connection 4443 to any IP? Or is it better to specify only the specific one?
I am not a fan of any objects.
Just use them as last resort when you did not know source, service or destination.
If you know source, service and destination just build the necessary firewall rule.
With any objects you make a hole bigger than necessary in your wall ;)
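As an added illustration of the two points above (that repeated OpenVPN connect failures point to a blocked path, and that an "Any" destination object opens a far wider hole than a rule pinned to the remote peer), here is a small Python example. It is not code from this thread or from Sophos: the log lines are constructed in the format quoted in the question (with a documentation-range placeholder address), and the `Rule` class is a simplified model of a source/service/destination allow rule, not the UTM's real configuration format.

```python
"""Added example (not from the thread or from Sophos): spot repeated OpenVPN
TCP connect failures in a log and compare a destination-specific allow rule
with an 'Any' destination rule for the same service."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample log lines in the format quoted in the question.
# 203.0.113.10 is a documentation-range placeholder, not a real peer.
SAMPLE_LOG = """\
Wed Apr 24 14:34:48 2019 TCP: connect to [AF_INET]203.0.113.10:4443 failed, will try again in 5 seconds: Connection timed out
Wed Apr 24 14:34:53 2019 TCP: connect to [AF_INET]203.0.113.10:4443 failed, will try again in 5 seconds: Connection timed out
Wed Apr 24 14:35:00 2019 TCP connection established with [AF_INET]203.0.113.10:4443
"""

CONNECT_FAIL = re.compile(
    r"TCP: connect to \[AF_INET\](?P<host>[\d.]+):(?P<port>\d+) failed"
)


def failed_connects(log_text: str) -> dict:
    """Return {(host, port): count} for repeated TCP connect failures.
    Several failures in a row to the same endpoint usually mean the path is
    blocked (no outbound rule, wrong port), not a bad credential."""
    counts: dict = {}
    for line in log_text.splitlines():
        m = CONNECT_FAIL.search(line)
        if m:
            key = (m.group("host"), int(m.group("port")))
            counts[key] = counts.get(key, 0) + 1
    return counts


@dataclass(frozen=True)
class Rule:
    """Minimal allow-rule model (hypothetical, not the UTM's own format):
    source network, destination network (None models an 'Any' object),
    protocol and port."""
    name: str
    source: str
    destination: Optional[str]
    proto: str
    port: int


# Hypothetical rules: internal LAN -> the one remote peer, versus LAN -> Any.
SPECIFIC_RULE = Rule("to-remote-utm", "10.0.0.0/24", "203.0.113.10/32", "tcp", 4443)
ANY_RULE = Rule("to-anywhere", "10.0.0.0/24", None, "tcp", 4443)


def permits(rule: Rule, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """True if the rule allows a flow src_ip -> dst_ip on proto/port."""
    if rule.proto != proto or rule.port != port:
        return False
    if ip_address(src_ip) not in ip_network(rule.source):
        return False
    if rule.destination is None:          # 'Any' destination object
        return True
    return ip_address(dst_ip) in ip_network(rule.destination)


def exposure(rule: Rule) -> int:
    """Number of destination addresses the rule can reach on its port;
    an 'Any' destination counts as the whole IPv4 space."""
    if rule.destination is None:
        return ip_network("0.0.0.0/0").num_addresses
    return ip_network(rule.destination).num_addresses


if __name__ == "__main__":
    for (host, port), n in failed_connects(SAMPLE_LOG).items():
        print(f"{n} failed connects to {host}:{port} -> check the outbound rule")
    for rule in (SPECIFIC_RULE, ANY_RULE):
        print(f"{rule.name}: reaches {exposure(rule)} destination address(es)")
```

Running it shows two failed connects to the peer on 4443 and that the "Any" rule reaches the entire IPv4 space on that port, whereas the specific rule reaches exactly one address; a rule that names source, service and destination is the one that matches what you actually know about the tunnel.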
Thank you DKKDG!
Port 4443 is reserved in UTM for access by a SUM (Sophos UTM Manager). You will want to choose a different port for that remote UTM.
I believe that wireless providers block UDP and other ports that might be used for VPNs. One reason to stay with the TCP 443 default for the SSL VPN is that your cellular data provider might block UDP. My AT&T iPhone XS was unable to establish a working SSL VPN tunnel when using UDP 443 or UDP 1443. Everything worked perfectly with TCP 443.
Cheers - Bob
In reply to BAlfson:
Thank you Bob
Unfortunately I'm not free to choose the port for that remote UTM, because it doesn't belong to our organisation. I did as DKKDG suggested and opened this port only for the specific IP address.