
FW-Rules not working to restrict VPN-Portal?

Hi there,

For some days now, we have been encountering brute-force attacks against our main firewall (Sophos XGS):

Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts

I've tried to block all requests from this IP with a deny/reject firewall rule at the top of our ruleset, but I still get mails about these login attempts.
The rule was a simple "From WAN, IP address to ANY zone/network, reject/block ANY port". The states/traffic count on the rule still sits at 0 after some minutes (while the mails from Sophos saying that an IP was banned for some minutes keep coming).

So my question is: is access to the VPN portal not limited by the firewall ruleset?

We don't need the VPN portal to be reachable externally and tried to deactivate it, but then our clients can't connect anymore via Sophos Connect.

Thanks in advance,



Edited TAGs
[edited by: Erick Jan at 11:59 PM (GMT -7) on 1 Oct 2024]
  • Okay, thanks. So we would have to add "check_remote_availability": false to the provisioning file on our clients. We can't do that automatically, because some users have additional VPN connections imported.

    If I create a blackhole DNAT, would this prevent access to the VPN portal from the described IP address, or do DNAT entries also not limit access to the VPN portal?
