
Nice Bug on XG/XGS with non-standard port for User-Portal Access

Hello,

I think I found a nice bug on Sophos firewall (XG/XGS) Version 19.0 and 19.0.1.

As soon as you change the port for "User portal access" from default = 443 to something else, you can access it from any zone, no matter what you checked under "Device access". So disabling "User portal" under "WAN" has no effect. Seems it only checks port 443 and doesn't hinder you from accessing when you use another port.

So I tried:

Then went here:

And I can still access the user portal from outside.

If I switch it back to 443, then disabling "device access" cuts it off, as it should.

I would be interested if anybody can confirm the behaviour I am watching.



  • Hello!

    I couldn't replicate this issue on my XG, but there are two things that could be causing this:

    1. Do you have any custom ACL in place that could be causing this?
    2. Is SSLVPN using the same port 8443? If it is, then this could be the reason why the user portal is also accessible.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • SSLVPN and User Portal can share the same port. So if you have SSLVPN enabled and User Portal on the same port, it will share the same rule.

    https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/DeviceAccess/index.html#local-service-acl-how-device-access-works

    SSL VPN port: By default, all management services use unique ports. SSL VPN is set to TCP port 8443.

    Warning

    If you manually change the default ports, we strongly recommend that you use a unique port for each service. Using a unique port ensures that services are not exposed to the WAN zone even after you turn off access. Example: If you use port 443 for both the user portal and SSL VPN, the user portal will be accessible from the WAN zone even if you turn off WAN access from this page.
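
The port-sharing behaviour in the documentation warning quoted above can be turned into a configuration audit. This is an added example, not part of the thread and not Sophos code: the dict layout and the function name are hypothetical, and it assumes that services on the same port share one access rule, as the warning describes.

```python
from collections import defaultdict

# Constructed sample: listening port and "Device access" zones per service.
# This dict layout is hypothetical, not a Sophos export format.
SAMPLE = {
    "user_portal": {"port": 8443, "zones": {"LAN"}},
    "ssl_vpn": {"port": 8443, "zones": {"LAN", "WAN"}},
    "admin_https": {"port": 4444, "zones": {"LAN"}},
}


def find_unintended_exposure(services):
    """Return (service, zone, port, opened_by) tuples where a service is
    unchecked for a zone but shares its port with a service that is checked.

    Assumed model, taken from the documentation warning: services on the
    same port share one access rule, so the port is reachable from a zone
    if any service using that port is allowed there.
    """
    by_port = defaultdict(list)
    for name, cfg in services.items():
        by_port[cfg["port"]].append(name)

    findings = []
    for port, names in sorted(by_port.items()):
        if len(names) < 2:
            continue  # unique port: the checkbox alone decides
        open_zones = set().union(*(services[n]["zones"] for n in names))
        for name in sorted(names):
            # Zones opened by a port-sharing service but unchecked for this one
            for zone in sorted(open_zones - services[name]["zones"]):
                opened_by = sorted(n for n in names if zone in services[n]["zones"])
                findings.append((name, zone, port, opened_by))
    return findings


if __name__ == "__main__":
    for svc, zone, port, via in find_unintended_exposure(SAMPLE):
        print(f"{svc}: reachable from {zone} on tcp/{port} via {', '.join(via)}")
```

A finding means the zone checkbox for that service cannot be relied on until the service is moved to a unique port.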
