Thread Info
  • State Suggested Answer
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 1733 views
  • Users 0 members are here
Options
Suggested

VPN Portal and Login Security

FrancescoB

After upgrading to SFOS 20.0.0 GA i activated the new VPN portal. We use only SSLVPN.

If SSLVPN is running on port 443 and the VPN Portal on port 444 (or any other), the authentication log displays the correct SRC IP. This allows "Login Security" to work properly

 

In my case i need the new port sharing feature, where i run the VPN PORTAL and SSLVPN on the same port TCP443. Now all login attempts through the VPN Portal are logged with SRC IP 127.0.0.1 and login security quit working.

Here you can see multiple attempts done by hackers. I now have hundreds of these logs



Added TAGs
[edited by: Raphael Alganes at 3:30 AM (GMT -7) on 13 Mar 2024]
Parents
  • 0

    Hi  Thank you for reaching out to the Sophos community. I have tried to check in my LAB device the same way you described and yes it seems "login security" was not triggered. so I would suggest logging a support case to confirm more and validate this further. If a support case has already been raised on this then please share it for our reference here, so I can add a note over it.

    I am assuming two possibilities: During the shared port scenario between SSL VPN Service and VPN portal, Either the correct source IP is not reflected and due to that Login security is not applied on it OR Source IP 127.0.0.01  is expected due to the shared service port but no login security check applied on loopback IP.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Vishal_R

    Hello. 

    I have this issue on my main firewall and i was able to replicate it on my xg home install.
    A case has been opened: 07267319

    Thank you

Reply Children
Unfiltered HTML