
Disabling VPN portal breaks SSLVPN connections

We're seeing a lot of failed authentication attempts on the VPN portal, and we don't need users to access it once the VPN is set up and working. However, when I close down the "VPN Portal" from the WAN zone, no one can connect to the SSLVPN. As soon as I re-enable this, everything starts working again.

My understanding was that the only thing that needs to be open is "SSL VPN" on the WAN zone.

I've done this before, so perhaps a bug in new firmware? We're on SFOS 20.0.2 MR-2-Build378 and I've tested and confirmed that this problem exists on multiple XGS devices on that firmware version.

Also, the Sophos documentation is out of date. It still says you need to enable the User Portal - which you definitely don't.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNRemoteAccessSSLVPNSophosConnectClient/index.html



Added TAGs
[edited by: Erick Jan at 9:53 AM (GMT -7) on 5 Sep 2024]
  • Pro Files will download the SSLVPN and IPsec Files and push them to the Sophos Connect client. Sophos Connect then can use this client to connect to the firewall. At this point, you do not need the VPN Portal anymore.

    Thanks, but that's not what we're experiencing. The pro file was deployed weeks ago. The SSLVPN connects fine, we turn off the VPN portal and it can't connect until we open it again. What I have noticed is that the VPN portal and SSLVPN (UDP) both run on the same port.

    We have 150 ZTNA licenses already. We trialed using it a few months ago but when we were setting it up and trying to get different things to work, we were told by Sophos Support you can only do RDP with it. That won't suit our requirements. We need a full tunnel with file sharing, FTP, browsers etc. all routing over the tunnel. Either way, VPN should work fine.
