
Access from the WAN denied

I have a problem that probably started with an IOS upgrade to 17.5 and 18.4. Our Sophos XG could allow our users to download the VPN client by contacting our public interface; however, that is only possible after activating appliance_access on the console, but this disrupts all other internet traffic and renders this useless, as we have more critical services running through internet traffic. I have tried Sophos tech but it's useless.



This thread was automatically locked due to age.
  • Hello,

    From my understanding of your post, you want to allow your users to connect to the User Portal via the WAN interface?

    Can you send a picture of the "Device Access" tab? It's located inside the "Administration" option on the left menu.

    Also, within that menu, in order to allow WAN access to the User Portal, you would need to select the option "User Portal" for the WAN interface. A reminder: be sure there are no other Services/NAT using the same User Portal TCP port.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • What port are you currently using for the User Portal? You can see this information inside "Admin and user Settings".

    Is there any NAT rule using the same port?

    Also, is there any other router or firewall in front of the Sophos XG?



  • I will try and create a DNAT rule for this, which I have tried before but without any luck ... if you say I should I will now

  • There's no need for a DNAT Rule for this, I only asked since NAT Rules can pass-through and overwrite the XG Services.

    Again, is there any other router or firewall in front of the Sophos XG, or does the firewall have a public IPv4 address on the WAN interface? If you do a packet capture on the XG, do you receive any packets on the WAN interface for port TCP/443?



  • Maybe I confused a DNAT and NAT rule. What's the difference? Because I only have the option for a new firewall rule or DNAT. Anyway, I have a router with no rules in front of the XG. I have not tried the packet capture thing because all I know is that I need to enable appliance_access to get access, but this disrupts our internet traffic. Yes, the firewall has a public IP facing the router and breaks to the Internet.
