

Sophos Connect and delivery of configuration via User Portal

This is a follow-up to https://community.sophos.com/sophos-xg-firewall/f/discussions/136595/new-code-injection-vulnerability-in-the-user-portal-and-webadmin-of-sophos-firewall

Can Sophos make available the ability to download SSL VPN client configurations without opening the whole User Portal? The best practice advice from Sophos is to not expose the User Portal on the WAN interface. Indeed there have been two exploited vulnerabilities in the User Portal in the last twelve months. Unfortunately we have to make the User Portal available on the WAN interface so that users can complete a new SSL VPN setup using a .pro configuration file.

We don't utilise the User Portal for anything but this. Why can't Sophos make the required SSL setup functionality available separately so that we don't have to enable the full User Portal on the WAN interface? As a small subset of the User Portal functionality it would be a lot more secure.



This thread was automatically locked due to age.
  • Hi,

    We've brought your concerns up internally and our Development Team is currently in the works for a new method that would eliminate the need for the User Portal to be exposed on the WAN for SSL VPN RA use. We plan to implement this in the future release.

    Karlos
    Community Support Engineer | Sophos Technical Support

  • That's great news, thanks for picking this up.

  • That would be so great. Currently we open and close userportal multiple times per day - and that sucks.

    Time Log comp Status Username Src IP Message Message ID
    28.09.2022 13:58 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    28.09.2022 09:57 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    28.09.2022 09:50 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 17:31 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 14:14 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 09:53 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 09:47 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 08:53 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502
    27.09.2022 08:49 GUI Successful xxx xxx Appliance Access Settings were changed by xxx 17502