

How to allow guest users to access the internet and connect to their office using Cisco AnyConnect VPN

I have a dedicated VLAN in our network and a dedicated AD username for guest users. I am not using a Sophos wireless network; I use another brand's wireless network.

I am using SFOS 19.5.3.

Every time my guest users browse the internet after logging in to the captive portal with the AD username, they get "Your connection is not private", and there is no Continue button under the Advanced button. I understand this is because the SSL certificate the browser receives is from the XGS unit, not from the website. How can I get rid of this, so that the browser receives the certificate from the website? Don't suggest installing the XGS's certificate on the guest machine.

This client also wants to connect to their office network using Cisco AnyConnect VPN. I have already opened TCP 443, UDP 443, TCP 80, UDP 500 and UDP 4500, but Cisco Secure Client shows "The service provider in your current location is restricting access to the internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser." How can I allow a VPN client to connect through SFOS?



This thread was automatically locked due to age.
  • Hello Robby,

    Thank you for contacting the Sophos Community.

    For your first question: the only way to get rid of the message is to install the SSL certificate on the devices or to not use Decrypt & Scan for guest users; there is no way around this.

    For your second question, I recommend you do a tcpdump on the Sophos firewall's WAN interface for the VPN's ports. If you see the traffic going out, it means the ISP might be blocking the ports, which I believe will be the issue, because ISPs usually block ports 500/4500 on home networks.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
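The WAN-side capture suggested in the answer above, as an added worked example that is not part of the original thread or of Sophos' own tooling: a small Python script that reads `tcpdump -n` output taken on the firewall's WAN interface and, for each port the original post opened, reports whether packets for that port are not leaving at all (the firewall itself is not passing them, so look at the rule, NAT and web policy), leaving without any reply (consistent with the ISP filtering the port, the case the answer describes), or flowing in both directions (the path is open, so the problem is elsewhere, for example the client's own captive-portal detection). The WAN address 203.0.113.10, the VPN headend 198.51.100.20 and the capture lines are constructed sample data; the interface name in the comment is an assumption.

```python
"""Classify a tcpdump capture from the SFOS WAN interface per VPN port.

Capture to feed in (run on the firewall, interface name is an assumption):
    tcpdump -ni Port2 'host 198.51.100.20 and (port 80 or port 443 or port 500 or port 4500)'

Decision rule (the answer's check, made explicit):
  no outbound packets  -> firewall is not passing it: check rule, NAT, web policy
  outbound, no inbound -> leaves the WAN but nothing returns: upstream/ISP filtering likely
  both directions      -> path is open, look elsewhere (e.g. client captive-portal detection)

The parser expects `-n` output: without it tcpdump prints service names
("isakmp" instead of 500) and hostnames, and the regex below will not match.
"""
import re
from collections import defaultdict

# Ports the original post opened for Cisco Secure Client (AnyConnect).
VPN_PORTS = {
    ("tcp", 443), ("udp", 443), ("tcp", 80), ("udp", 500), ("udp", 4500),
}

# tcpdump -n line: "<timestamp> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE_RE = re.compile(
    r"^\S+ IP (\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > "
    r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d+): (.*)$"
)

# Constructed sample capture (not a real trace). The WAN IP 203.0.113.10 is
# the masqueraded source; 198.51.100.20 stands in for the office VPN headend.
SAMPLE_CAPTURE = """\
10:21:05.100000 IP 203.0.113.10.40001 > 198.51.100.20.443: Flags [S], seq 1, win 64240, length 0
10:21:05.130000 IP 198.51.100.20.443 > 203.0.113.10.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
10:21:05.200000 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]
10:21:06.200000 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]
10:21:07.300000 IP 203.0.113.10.4500 > 198.51.100.20.4500: NONESP-encap: isakmp: parent_sa ikev2_init[I]
10:21:08.000000 IP 203.0.113.10.40002 > 198.51.100.20.443: UDP, length 1200
"""


def parse_line(line):
    """Return {src, sport, dst, dport, proto} for one tcpdump -n line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    # tcpdump prints "Flags [...]" only for TCP; isakmp/NONESP-encap/"UDP, length" are UDP.
    proto = "tcp" if "Flags [" in rest else "udp"
    return {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport), "proto": proto}


def classify(lines, wan_ip, ports=VPN_PORTS):
    """Count outbound/inbound packets per (proto, port) and give a verdict for each."""
    seen = defaultdict(lambda: {"out": 0, "in": 0})
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        # Outbound: our WAN IP talks to the remote service port.
        if pkt["src"] == wan_ip and (pkt["proto"], pkt["dport"]) in ports:
            seen[(pkt["proto"], pkt["dport"])]["out"] += 1
        # Inbound reply: the remote service port answers our WAN IP.
        elif pkt["dst"] == wan_ip and (pkt["proto"], pkt["sport"]) in ports:
            seen[(pkt["proto"], pkt["sport"])]["in"] += 1

    verdicts = {}
    for key in sorted(ports):
        c = seen[key]
        if c["out"] == 0:
            verdicts[key] = "not egressing: check firewall rule, NAT and web policy"
        elif c["in"] == 0:
            verdicts[key] = "egressing, no reply: upstream/ISP filtering likely"
        else:
            verdicts[key] = "bidirectional: path is open"
    return verdicts


if __name__ == "__main__":
    for (proto, port), verdict in classify(SAMPLE_CAPTURE.splitlines(), "203.0.113.10").items():
        print(f"{proto}/{port:<5} {verdict}")
```

On the constructed capture, TCP 443 completes a handshake, TCP 80 never appears (the firewall is not sending it), and UDP 443, 500 and 4500 leave the WAN without a single reply, which is the pattern the answer attributes to ISP filtering. Running the same script on a real capture separates "the firewall drops it" from "the ISP drops it" before you open a ticket with either party.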