SSL Termination on Sophos

Hi all,

I run a Sophos SG105 UTM 9.702-1.

I have a service (S3 server) that is not configured to handle SSL.

I have configured to access the service with HTTP by setting the endpoint (external request) to my Sophos firewall and adding some DNAT to my server. All works fine so far.

Now I want to switch to HTTPS. My S3 server does not support SSL (as it is protected from Internet). Therefore I would like to terminate SSL connection within Sophos (configured with Letsencrypt) and forward simple HTTP protocol to my S3 server. 

I couldn't figure out on how to configure this within my SG105.

Any help highly appreciated. Thanks,


  • Hello,
    The magic word is "Webserver Protection".
    Within "RealWebserver" you have to configure the connection to your physical WebServer using Port 80.
    Afterwards you configure the Virtual-Webserver. The one you reach from external via TCP443/SSL.
    Interface is the "external" reachable interface, Type HTTPS or HTTPS+Redirect (http is redirected to https).
    Select the certificate and afterwards domain
    ... Thats nearly all.

    Now you can configure and add firewall profiles, Authentication, ...

  • In reply to dirkkotte:

    Hi Dirk,

    thanks a lot. So I need to extend my license. 

    Sounds like a plan.

    Many Tahnks!