Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 1070 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Config Gateways

Joerg Frenker

Hi

we currently test the SSL VPN for our client connection (CertBased). All is up and running and when you are connected everything is fine. We have currently only one issue left:

When a user download the SSL-VPN Client and the Config File from the Sophos, it includes any interface addresses of the Sophos as target IPs:

route-delay 4
verb 3
reneg-sec 0
remote 46.x.x.x 8443 udp
remote 2a03::x 8443 udp6
remote 217.x.x.x 8443 udp
remote 2003::x 8443 udp6
remote 10.255.0.1 8443 udp
remote 192.168.112.254 8443 udp
remote fd07:7100:1400:112::254 8443 udp6
remote 172.16.16.12 8443 udp
remote 10.254.10.21 8443 udp
remote fd07:7100:1400:3010::10:21 8443 udp6
remote 192.168.100.60 8443 udp
remote fd07:7100:1400:100::60 8443 udp6
remote 169.254.192.1 8443 udp
remote 10.66.66.251 8443 udp
remote fd07:7100:1400:666::251 8443 udp6

(i have "remarked our public IPs with x)

In the final it is no problem, but the client runs through the complete list until the 1st IPv6 oder IPv4 Public address is used and start the connection process. I there way, except to edit the file manually, to avoid the use of the internal interfaces? Only the both interfaces that connected to our ISP are "WAN" Interfaces should be in the config

Version of the XG: XG330 (SFOS 19.0.0 GA-Build317)

 



This thread was automatically locked due to age.
Parents
  • +1

    Hi Joerg Frenker

    Please check with Override hostname option available on SSL VPN with global settings to meet the requirement : 

    Override hostname (optional): SSL VPN clients use the IP address or hostname you enter here rather than the WAN IP address of Sophos Firewall to establish the connection.

    Enter your network's public IP address or hostname if Sophos Firewall is behind a router and doesn't have a public IP address.

    If you leave this field blank, SSL VPN clients establish connections with the WAN IP address of the firewall in the listed order on Network > Interfaces.

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Joerg Frenker

    That set only the new value, is it possible to define multiple entries there? Or is that only possible with multiple DNS Entries (over DNS RoundRobin)?

Reply Children
Unfiltered HTML