VPN Portal and Login Security

Hi FrancescoB Thank you for reaching out to the Sophos community. I have tried to check in my LAB device the same way you described and yes it seems "login security" was not triggered. so I would suggest logging a support case to confirm more and validate this further. If a support case has already been raised on this then please share it for our reference here, so I can add a note over it.

I am assuming two possibilities: During the shared port scenario between SSL VPN Service and VPN portal, Either the correct source IP is not reflected and due to that Login security is not applied on it OR Source IP 127.0.0.01  is expected due to the shared service port but no login security check applied on loopback IP.

"Source IP 127.0.0.01  is expected due to the shared service port but no login check applied due to loopback IP."

I suspect this is right. This should have been stated very clearly in the documentation. 

I discovered the issue after replacing all my company provisioning files and now it's too late to go back

Yes noted your point, once the above details are confirmed internally on this reported situation, based on that if there is any such need to update the documentation I will surely do the needful and keep you posted.

Hi FrancescoB ,

Regret to hear about the experience, and we'll take note of your feedback. As Vishal_R  mentioned we shall check on our end regarding this topic and keep you posted.

Many thanks for your time and patience and thank you for choosing Sophos. 

Regards,

Hi FrancescoB,

Upon update with the case. The issue has been escalated to our development team with the reference NC-132892.

Hi FrancescoB,

Upon update with the case. The issue has been escalated to our development team with the reference NC-132892.