selection of SSL VPN listening interface

I have Sophos XG210 (SFOS 17.1.3 MR-3) with WAN1 and WAN2 interfaces. Both WAN1 and WAN2 belong to zone WAN. WAN1  is much faster then WAN2 and I'd like to know if there's any way to force SSL VPN users go through WAN1 only when accessing our internal resorces without dropping packets for WAN2? 

  • you'll need to edit the SSL VPN Config File (.ovpn) and remove all the line with remote X.X.X.X except the line with the remote Wan1IP

  • You can also change the IP/Hostname that you would like to connect, but the downside is not been able to connect if the defined link is down (if configured by IP). You can workaround by using a DDNS. If the WAN definied went down, you change the DDNS to connect in another WAN.

    Change VPN Settings:

    • Configure > VPN > Show VPN Settings > SSL VPN > Override Hostname

    Configure DDNS:

    • Configure > Network > Dynamic DNS



    Before the changes:


    After override IP:

    After override DDNS:

  • In reply to rafaelmicrotron:

    This does work if you want to use a single IP or host name, but if you'd like to leave multiple entries in the configuration file, you can't edit that list. It's either a random order of all interface IPs, which seems like a dumb default, or it's the one host name you configure. This needs to be customizable incl. the order of interfaces to put in the config file imo.

  • Hello

    To resolve this issue via edit your SSL VPN config File (.ovon) And you have to remove all the remote IP except the IP of wan 1.

    The second method to do that via changing IP/Hostname  

    you also need to change VPN settings And DDNS:

    1. You have to configure VPN to you hostname
    2. and for DDNS you have to use dynamic DNS there 

    Hope this will help you