This discussion has been locked.

SPX Portal Not Working

Trying to get SPX email encryption working. Sophos XG Home v 18.0.4-MR4

The email protection is set up as MTA mode.  Normal email routing and delivery is working fine.

I've created the SPX template and when I try to send an email with the SPX header set to yes, the firewall holds the emails in quarantine as it should since the user has not created a password yet, and sends the SPX registration email, which is received by the end user. The link in the email is correct. The link properly resolves to the firewall's WAN interface IP.

However, clicking on the link results in a 'This Site cannot be reached' page.  Reason:  Connection Refused.

When I do a packet capture on the firewall, I see the request coming in on the correct port, and the status for the packet is 'Consumed'.

Nothing is logged on the firewall report indicating anything is dropping or rejecting the request.

I'm stumped here.  Tried rebooting the firewall, recreating the SPX template, re-configuring the encryption settings.  

Any help would be appreciated.



  • Hi Craig,

    same issue here. We are a medical office and we would like to use SPX encryption for communication with our patients.

    We use the Sophos XG 125 UTM w/ FullGuard Protection and 3 years subscription and firmware SFOS 18.0.4-MR4 and operate the UTM in MTA mode. We have a WAN interface with a static public IP and a fallback via UTMS with a dynamic IP.

    In order to use SPX, I made the corresponding SPX configuration in the E-Mail tab. I created a new template in which I changed the password type to "Set by recipient", changed the page format and activated the Reply portal. The portal settings are based on the host name of the UTM and standard port 8094.

    If I send an e-mail from our exchange and set the X-Sophos-SPX header to yes, I receive the corresponding e-mail. Depending on the settings, either the mail with the registration link or the mail with the encrypted PDF. The link seems to be built correctly and points to the public WAN IP with port 8094. So far everything seems configured correctly. If I open the link to the registration portal or the link to reply to the message, I get a timeout. It doesn't seem to make any difference which network I allow or which port I set. Even if I set the host name to "none" and the LAN1 interface IP is used, the portal cannot be reached. A certificate for the host name exists. Unfortunately there is no checkbox for the SPX portal under the zone settings, but the user portal, for example, is activated.

    I have already restarted the Tomcat service via the extended console and restarted the firewall itself, no improvement.

    Am I missing something?
    Do I need a firewall rule or an additional configuration?
    Or is there a known bug?

    I don't know what to try next, so I am grateful for any hint.

  • Can you show us a screenshot of your Encryption tab in MTA? 
