
Disabling VPN portal breaks SSLVPN connections

We're seeing a lot of failed authentication attempts on the VPN portal, and we don't need users to access it once the VPN is set up and working. However, when I close down the "VPN Portal" from the WAN zone, no one can connect to the SSLVPN. As soon as I re-enable this, everything starts working again.

My understanding was that the only thing that needs to be open is "SSL VPN" on the WAN zone.

I've done this before, so perhaps a bug in new firmware? We're on SFOS 20.0.2 MR-2-Build378 and I've tested and confirmed that this problem exists on multiple XGS devices on that firmware version.

Also, the Sophos documentation is out of date. It still says you need to enable the User Portal - which you definitely don't.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNRemoteAccessSSLVPNSophosConnectClient/index.html



Added TAGs
[edited by: Erick Jan at 9:53 AM (GMT -7) on 5 Sep 2024]
  • We are getting DDOS-like authentication-requests through the VPN portal.

    Since some firewalls reported repeatedly failed authentications from an IP in St. Petersburg yesterday, we disabled the VPN portal globally for WAN, giving it local access with an ACL exception from country "Germany".

    Today I wasn't even able to log in to the firewall via VPN. Authentication log is completely flooded with failed authentications. After several tries I could log in to WebAdmin from internal via Citrix Netscaler and restart the authentication service on the firewall. Then I was able to log in via VPN (PRO file) again.

    Source IP for the failed authentications is 127.0.0.1. I will go and disable the vpn portals completely now... fortunately our customers use OVPN only.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner
