I currently have an XG310 firewall running the latest 16.05.0 firmware. We are using the SSL VPN client and it is set for Default Gateway with all our internal subnets allowed. IT hands out 10.10.11.* IP addresses. I also have a firewall rule that allows all traffic from the LAN and VPN zones to/from the LAN and VPN zones. Our LAN has multiple VLANs but mostly follows a 10.10.10.*, 10.10.20.*, 10.10.30.*, etc. pattern. This all works as expected. However, we would like to add a secondary WAN connection (a cell router) as a backup in case our main line is down. It will NOT be used as an outgoing failover but just for administrators to VPN into the network if our main fiber line is down.
I can't seem to get this to work as the SSL VPN only seems to respond to "WAN" ports but I also don't want the cell router to be considered a WAN port even though I guess technically it is. Is there another way to set this up or do I have to mark it as a WAN port then go through all my firewall rules and such and make sure the primary gateway is our actual gateway? Or is there a way to make it a WAN port but have it never try to use it for any outgoing traffic?
Binding services to an interface is still missing. No ETA yet for this feature.
Please add your vote:
In reply to lferrara:
Ironically I already voted on that topic for a different reason, binding the user portal to a different IP instead of a zone.
So there isn't a way to do this? Or would I have to add a secondary "WAN" interface and put the cell router on that but put the weight extremely high on it so it's not used? (or make sure all firewall rules are set to go through the primary?)
In reply to AllanDynes:
You cannot do it unless you manually edit the SSL config where the clients connect to... This is not a good way to proceed if you have multiple remote users.
The connection would only be for IT staff if our primary WAN line is down, so we're talking about three users. So the question is, would it work?