How to provide user portal/SSL VPN and hosting a web service on port 443 with different IP addresses

Hi,

I have been searching the web for days now and I cannot find a solution for the Sophos XG 210 to provide a user portal and SSL VPN to the internet and also host some external service.

The current setup (anonymized):

- WAN IP address range from provider: 1.2.3.0/29

- Default Gateway 1.2.3.1

- Our external IP address is 1.2.3.2, which is set up to be our main address for internet connection, user portal and SSL VPN on port 443

- External IP 1.2.3.2/29 is configured on Port2/WAN in Zone WAN

The challenge:

- Add additional IP address 1.2.3.3/29 to Sophos XG

- Forward port 443 on 1.2.3.3 to an internal server in DMZ for custom web services

- User portal/SSL VPN and the web service need to be on default HTTPS ports to work properly in all situations where strict firewalls are in place which only support HTTP/HTTPS like airports, hotels, customer sites, ...

 

The main issues are:

- When I add an alias to Port2, the user portal is shown on IP address 1.2.3.3. It completely shadows my additional IP address, as the user portal is listening on the WAN Zone.

- When I use Port1/LAN, set it up with IP address 1.2.3.3 and also put it into a different zone, WAN2, I still see the user portal.

What am I missing here? It cannot be that difficult, can it?

Regards

Rick



  • Hi  

    You can specify the hostname or IP address for SSL VPN (and change the protocol to UDP if needed) in the Override hostname box under CONFIGURE > VPN > Show VPN settings. Once you specify that, the SSL VPN connection will be attempted to the specified hostname only.

    You can control the user portal access by configuring Local service ACL exception rule under SYSTEM > Administration > Device Access.

    For the website, you can configure DNS to point to the additional address and that way it should work on HTTPS.

    Regards

    Jaydeep
