NAT SSL Remote Access To Sophos Address

Question

Hello Every body. 
 I have Sophos UTM SG310 with 4 internet connection. 
 I setup SSL remote Access listen on port 443(TCP) of sophos LAN Address and NAT from external Address to internal Address. User success connect to SSL Remote access but when one of internet interface down user cannot connect to SSL Remote Access. 
 Any body help me. 
 Sorry for my english.

DKKDG · Answer

Hi Tran Ngoc Hien , 
 why did you use the NAT rule for the ssl connection? 
 For the other case use the option override hostname and enter here a dns name the client can resolve. 
 For example 
 ssl.example.com shows to wan1 
 If wan1 fails you only have to switche the a record of your dns name 
 ssl.example.com shows to wan2 
 You can also enter the the dns name in the NAT rule instead of the wan interface -> dns host: ssl.example.com set as original destination. 
 Best Regards DKKDG

BAlfson · Answer

Ch&agrave;o Tran Ngoc Hien, 
 It always helps to show pictures here regardless of your English - which isn't so bad! 
 I will guess that you have selected a single interface in the SSL VPN setup. You should change that to the "Any" network object. Also, if you think you need a NAT rule, please show a picture of it. 
 As DKKDG suggests, you can use one of the failover DNS services to have your FQDN resolve to an alternate IP when the primary IP is down. An alternative is to show your folks how to edit their SSL VPN client config and save it with a new name. For example, assume line 5 in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config	rannh@wan1.yourdomain.com is: 
 remote wan1.yourdomain.com 443 
 Edit that file to change wan1 to wan2 in line 5 and save the modified file as C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config	rannh@wan2.yourdomain.com. Now you can select either connection when you activate the SSL VPN Client. 
 Cheers - Bob