Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Portal and Login Security

After upgrading to SFOS 20.0.0 GA i activated the new VPN portal. We use only SSLVPN.

If SSLVPN is running on port 443 and the VPN Portal on port 444 (or any other), the authentication log displays the correct SRC IP. This allows "Login Security" to work properly

 

In my case i need the new port sharing feature, where i run the VPN PORTAL and SSLVPN on the same port TCP443. Now all login attempts through the VPN Portal are logged with SRC IP 127.0.0.1 and login security quit working.

Here you can see multiple attempts done by hackers. I now have hundreds of these logs



This thread was automatically locked due to age.
Parents
  • Hi  Thank you for reaching out to the Sophos community. I have tried to check in my LAB device the same way you described and yes it seems "login security" was not triggered. so I would suggest logging a support case to confirm more and validate this further. If a support case has already been raised on this then please share it for our reference here, so I can add a note over it.

    I am assuming two possibilities: During the shared port scenario between SSL VPN Service and VPN portal, Either the correct source IP is not reflected and due to that Login security is not applied on it OR Source IP 127.0.0.01  is expected due to the shared service port but no login security check applied on loopback IP.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • "Source IP 127.0.0.01  is expected due to the shared service port but no login check applied due to loopback IP."

    I suspect this is right. This should have been stated very clearly in the documentation. 

    I discovered the issue after replacing all my company provisioning files and now it's too late to go back

  • Yes noted your point, once the above details are confirmed internally on this reported situation, based on that if there is any such need to update the documentation I will surely do the needful and keep you posted.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hi  ,

    Regret to hear about the experience, and we'll take note of your feedback. As   mentioned we shall check on our end regarding this topic and keep you posted.

    Many thanks for your time and patience and thank you for choosing Sophos. 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply Children