Is it possible to change the SSL VPN Port for Remote Access??
... and for the User Portal, too?
In reply to guillaume bottollier:
Thank you for your comments.
I agree 443 UDP is not as good as 443 TCP for getting through general public firewalls, but unless we can generate a WAF rule to use a specific address (as per SNI for HTTPS), then I am limited to the options available.
With regards to 443UDP vs other ports, yes, I agree 443UDP is more likely to be blocked in comparison to 443TCP, but it is significantly more likely for non-443 ports to be blocked and 443UDP to be open and acceptable.
Also, SSL VPN supposedly has better performance on UDP than TCP (according to the setup options; I have never had the opportunity to find out).
In reply to TheEther:
Yes, I moved the user portal from 443 to 444 when I tried it, and I have just tried again now with no luck.
I get the red pop-up box saying "The selected Port is already used by another service. Please choose a different Port."
In reply to Ian Rogers:
Also tried; you cannot use 443 TCP or UDP for SSL VPN and/or User Portal since you activate a WAF with an HTTPS rule (and the contrary).
It would be great if Sophos let us choose which port/public IP the SSL VPN and User Portal listen on, as it would then be possible to have WAF on one port/IP AND SSL VPN on another port/IP.
But it's not the case.
I can use 443 for WAF and User Portal; this is my normal configuration. I assume this is because WAF is only available on the WAN IP and User Portal from various local interfaces.
As SSL VPN can use all interfaces, I assume this has an effect on why it cannot be enabled. On that note, I have just disabled SSL VPN from ALL interfaces and tried again, but still an error.
In Version SFOS 17.1.0 GA, now you can change the port for User Portal and SSL VPN as well from default port 443 to any as per your desire.
Reference release note:-
In reply to Muhammad Imran Shaikh:
I know the new feature has been added to do this. My original post onto this thread (page 5 iirc) and the subsequent discussion was because of the fact that this new feature seems to have an issue...
If you are using WAF / User Portal on TCP 443 you still cannot set the vpn to UDP 443, but you can still change it to other ports.
I completely agree with you; it is restricted with User Portal only. You may use 443 for SSL VPN and WAF at the same time, but not with User Portal.
Currently I am using it by changing the User Portal port only.