Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

VPN Portal and Login Security

After upgrading to SFOS 20.0.0 GA i activated the new VPN portal. We use only SSLVPN.

If SSLVPN is running on port 443 and the VPN Portal on port 444 (or any other), the authentication log displays the correct SRC IP. This allows "Login Security" to work properly

 

In my case i need the new port sharing feature, where i run the VPN PORTAL and SSLVPN on the same port TCP443. Now all login attempts through the VPN Portal are logged with SRC IP 127.0.0.1 and login security quit working.

Here you can see multiple attempts done by hackers. I now have hundreds of these logs



Added TAGs
[edited by: Raphael Alganes at 3:30 AM (GMT -7) on 13 Mar 2024]
Parents
  • Hi  Thank you for reaching out to the Sophos community. I have tried to check in my LAB device the same way you described and yes it seems "login security" was not triggered. so I would suggest logging a support case to confirm more and validate this further. If a support case has already been raised on this then please share it for our reference here, so I can add a note over it.

    I am assuming two possibilities: During the shared port scenario between SSL VPN Service and VPN portal, Either the correct source IP is not reflected and due to that Login security is not applied on it OR Source IP 127.0.0.01  is expected due to the shared service port but no login security check applied on loopback IP.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Reply
  • Hi  Thank you for reaching out to the Sophos community. I have tried to check in my LAB device the same way you described and yes it seems "login security" was not triggered. so I would suggest logging a support case to confirm more and validate this further. If a support case has already been raised on this then please share it for our reference here, so I can add a note over it.

    I am assuming two possibilities: During the shared port scenario between SSL VPN Service and VPN portal, Either the correct source IP is not reflected and due to that Login security is not applied on it OR Source IP 127.0.0.01  is expected due to the shared service port but no login security check applied on loopback IP.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Children