Some Remote VPN users can't reach the Admin Page and User Portal on 4444/4443 respectively, but pings and telnet work on those ports from the same system. Could it be a public IP related problem?
Dear Shaun,
I think you do not need to have SSL VPN configured before accessing the web portal from the internet. For example, https://197.245.x.x:4444 in order to access the Sophos firewall web interface. The issue is that some people can access the portal, both WebAdmin and User Portal, but others could not. It actually timed out in the web browser.
Ping to the 197.245.x.x works fine and telnet also works well, but in the browser, the users in question are not able to hit or access the web interface.
Hi, and welcome to the UTM Community!
As Shaun remarked, you must have "VPN Pool (SSL)" in 'Allowed Networks' in 'WebAdmin Settings'.
4443 is reserved for the UTM Manager. The default port for the User Portal is TCP 443.
Cheers - Bob
Things to consider because you said the problem only affects some users.
Some remote locations may have their own web filter systems, and have them configured to block nonstandard ports.
Some PC-based security products do web filtering, so you need to poke around in the administrative interface to learn what it is configured to do.
Hi Bob,
A bigger pool has been defined to allow remote SSL VPN users to connect smoothly, but as I explained earlier, some SSL VPN connections are fine and working well, but those who are having challenges or issues connecting to the firewall are able to ping and telnet to the firewall external IP/port as well as the User Portal defined. I am really surprised as to why the ports are open and yet the TCP connection is still not working...
Kindly assist.
Many thanks Foster,
We have worked on the PC-based filtering rules by disabling Windows Firewall and other web filtering tools, but the issue status remained the same. I expect at least the login page to appear since they are able to telnet into those ports. We have changed browsers and others, but could it be a bug in the firewall since TCP traffic isn't working for some users?
Show us a line from the Firewall log file (not the Live Log) where dstport="4444" is blocked. Do the same for the other port.
Cheers - Bob