No Access to new VPN Portal

Hi everyone, I have updated my XG to the new SFOS 20 and set everything up according to the knowledgebase article. When I now go to my URL "https://firewall.my_Domain.de", I get a "forbidden".

I also have a WAF rule that points to my bookstack. As soon as I deactivate this WAF rule, I can also access the VPN portal.

I thought the 443 port can be shared with the new VPN portal!

I access my Bookstack instance via "bookstack.my_Domain.de".
I want to access the VPN portal via "firewall.my_Domain.de".

Here is a screenshot of the WAF rule.

Can someone tell me where my error lies?

Thank you.



  • Hello  ,

    Thank you for reaching out to the community. There are some restrictions: SSL VPN traffic and WAF rules must have different values for at least one of the following objects: WAN IP address, port, protocol. SSL VPN traffic to the WAN IP address used by WAF rules is dropped if it shares a common port and protocol with the WAF rules. This applies only to IPv4 traffic. The default HTTPS ports differ for WAF rules (443) and SSL VPN (8443). WAF traffic always uses the TCP protocol. But you cannot use the same port for the VPN Portal. Here's an example of the configuration SSL VPN traffic can use when the network has two WAN IP addresses:

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

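The restriction described in the reply above, written as a pre-change check. This is an added example, not part of the thread and not Sophos code; the `Listener` type, the rule names and the 203.0.113.x addresses are constructed for illustration.

```python
from ipaddress import ip_address
from typing import NamedTuple


class Listener(NamedTuple):
    name: str     # hypothetical rule/service label
    kind: str     # "waf" or "sslvpn"
    wan_ip: str   # WAN address the service listens on
    port: int
    proto: str    # "tcp" or "udp"


def find_conflicts(listeners):
    """Return (sslvpn_name, waf_name) pairs whose traffic would be dropped.

    Rule as stated in the reply: SSL VPN and WAF must differ in at least one
    of WAN IP, port, protocol; IPv4 only; WAF traffic is always TCP.
    """
    wafs = [l for l in listeners if l.kind == "waf"]
    conflicts = []
    for vpn in (l for l in listeners if l.kind == "sslvpn"):
        vpn_ip = ip_address(vpn.wan_ip)
        if vpn_ip.version != 4:        # restriction applies only to IPv4
            continue
        if vpn.proto.lower() != "tcp":  # WAF is TCP, so UDP never collides
            continue
        for waf in wafs:
            if ip_address(waf.wan_ip) == vpn_ip and waf.port == vpn.port:
                conflicts.append((vpn.name, waf.name))
    return conflicts


# Constructed sample: one WAF rule on 443 and four candidate SSL VPN settings.
WAF = Listener("bookstack-waf", "waf", "203.0.113.10", 443, "tcp")
CANDIDATES = [
    Listener("vpn-same-tuple", "sslvpn", "203.0.113.10", 443, "tcp"),
    Listener("vpn-default-port", "sslvpn", "203.0.113.10", 8443, "tcp"),
    Listener("vpn-udp", "sslvpn", "203.0.113.10", 443, "udp"),
    Listener("vpn-second-wan", "sslvpn", "203.0.113.11", 443, "tcp"),
]

if __name__ == "__main__":
    for vpn_name, waf_name in find_conflicts([WAF] + CANDIDATES):
        print(f"{vpn_name}: same WAN IP, port and protocol as {waf_name}")
```

Only the first candidate is flagged; the other three each differ from the WAF rule in exactly one of port, protocol or WAN IP.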