
Access UTM from FQDN

I have a domain and would love to be able to access my UTM from that domain as a subdomain. Something like firewall.mikesdomain.com. How would I go about doing this and what ports would I need to open up? I can already access my webadmin and the user portal via my public ip.

Thanks in advance for the help.



  • Hi Michael,

    If you can already reach your firewall by public IP, you only have to set up the DNS record.

    But I recommend that your WebAdmin is not reachable from any external network.

    To get rid of the certificate error you have to set up an official certificate or create a self-signed one with your CA as a trusted CA.

    Best Regards
    DKKDG

  • Mike, does The Zeroeth Rule in Rulz relate to this question?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi DKKDG,

    Thanks for responding.  What I actually meant was the user portal, not sure why I mentioned WebAdmin. 

     I am using GoDaddy (at least until I can find the time to host my site myself) as my hosting provider.  Basically, when I was in school last semester I had to create a website for my senior project, so I'm using that domain that I registered for testing. I went into my account and added the subdomain "vpn" as a test. It's now working, but only kind of.  When I type the URL in, it then changes to my IP.  So instead of vpn.<mydomainhere>.net remaining in the address bar, it changes to my public IP address. 

    Any suggestions? 

    Thanks, 

    Michael

  • Michael, the right FQDN to use is the same one that you use for reaching WebAdmin from the Internet.  The way you differentiate between reaching WebAdmin and the User Portal is by the port used.  With WebAdmin, it's 4444, and you don't want to change that.

    The default for the User Portal is 443 which means that you don't need to name the port explicitly.  I prefer to change that to 2443 so that there's no conflict with other things on the UTM that can use 443.  That means you also must use it explicitly as you do with 4444.

    With the SSL VPN, I recommend changing the Protocol to UDP from TCP, and that further frees up TCP 443 for other uses.

    Cheers - Bob

     
  • Hi Bob, 

    Thanks for your input.  I was aware that it's the same FQDN for the user portal, just without port 4444.  Thanks for your recommendation about the SSL VPN.  

    Any idea on why the FQDN changes back to my public IP after typing in the FQDN and pressing enter to go to it? 

     

    Thanks, 

    Mike

  • What happens if you clear your browser cache and cookies?

    Cheers - Bob

     
  • It does the same thing.  I've even tried in an Incognito Window in Chrome.  I thought maybe waiting until this morning to try again, maybe an issue with DNS or something, but it's still happening. 

  • Michael PM'd me the FQDN.  It resolves to a different IP and the device there redirects the access to his local public IP replacing the FQDN with his numeric IP.

    Cheers - Bob

     
  • I think I understand your problem as the following:

    • Externally, your UTM is addressed as something like UTM.EXAMPLE.COM, and has a certificate for UTM.EXAMPLE.COM and works on your public IP.
    • Internally, your UTM is addressed as something like UTM.EXAMPLE.LOCAL (or UTM alone also works) on a private IP.   Both of these names produce a certificate error.

    You may be able to access the UTM using the external address.  I am going to assume that this does not work.

    To use the external name to access the internal address, use one of these tricks.

    • Create a HOSTS file entry for UTM.EXAMPLE.COM which maps it to the internal address.
    • If you have Active Directory or a similar DNS system, create a ZONE entry for UTM.EXAMPLE.COM, then create a default (empty) host name that maps to the internal address.
  • Issue was resolved.  I had to create an A record in the DNS of my domain provider instead of creating a subdomain. Thanks for the help and suggestions everyone!
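
The symptom diagnosed above (the FQDN resolving to a different IP whose device redirects to the numeric public IP) and the A-record fix can be told apart with a short check. This is an added example, not part of the thread; the function names, result labels and sample addresses are assumptions made for illustration.

```python
import http.client
import ipaddress
import socket
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def resolve(fqdn):
    """Addresses the name currently resolves to (live DNS lookup)."""
    return {ai[4][0] for ai in socket.getaddrinfo(fqdn, None)}

def probe(fqdn):
    """Plain-HTTP HEAD without following redirects: (status, Location)."""
    conn = http.client.HTTPConnection(fqdn, 80, timeout=5)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def location_is_bare_ip(location):
    """True if a redirect target names a numeric IP instead of a hostname."""
    host = urlsplit(location or "").hostname
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def diagnose(resolved, utm_ip, status=None, location=None):
    """Classify how the name reaches the UTM (labels are hypothetical)."""
    if utm_ip in resolved:
        return "a-record"      # name points at the UTM; address bar keeps the FQDN
    if status in REDIRECTS and location_is_bare_ip(location):
        return "forwarding"    # provider host redirects the browser to the numeric IP
    return "wrong-target"      # resolves elsewhere and no redirect to an IP was seen

if __name__ == "__main__":
    # Constructed sample values from documentation ranges, not from the thread.
    utm_ip, provider_ip = "203.0.113.10", "198.51.100.7"
    print(diagnose({provider_ip}, utm_ip, 302, "https://203.0.113.10/"))
    print(diagnose({utm_ip}, utm_ip))
```

Against a live name, pass `resolve(fqdn)` and the tuple from `probe(fqdn)` into `diagnose` together with the UTM's public IP.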