
Change SSL VPN Port

Is it possible to change the SSL VPN Port for Remote Access??

... and for the User Portal, too?



This thread was automatically locked due to age.
  • I have checked it. (System > Administration > Settings > User Portal HTTPS Port) This function is not equal to the Cyberoam configuration. Sophos uses it for their User Portal and not for the SSL VPN as shown under KB1775 ( http://kb.cyberoam.com/default.asp?id=1775 ). The Sophos XG configuration site looks familiar to the Cyberoam configuration site, but the function seems to be different. I have tried 5 different port configurations and the created SSL VPN Profile (downloaded on the User Portal Site) still contains TCP 8443. So I've found my own workaround...

    Add a new rule of type Business Application Policy.
    Set application template to "Non-HTTP Based Policy".
    Give it a name.
    Set your source host to any.
    Under Hosted Server: Set source zone to "WAN"

    Under Protected Application Servers: Set protected zone to LAN
    Set protected application server to the LAN IP of the XG.
    Do not forward all ports.

    Under Port Forwarding: Set your protocol to the SSL VPN value.
    External port type is port.
    External port is 443
    Mapped port type is port as well.
    Set your internal port to 8443.

    Under Policies for Business Applications: Set Intrusion Prevention to "WAN to LAN"

    Finally, open the VPN SSL Configuration File with notepad and change the SSL port to 443.

    Done...
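The last step of the workaround above (editing the downloaded profile by hand) can be scripted so every user's profile gets the same change. This is an added example, not part of the original posts and not Sophos tooling; it assumes the profile is OpenVPN-style text with `remote <host> <port> [proto]` lines, and the function name and sample profile are constructed for illustration.

```python
import re
import sys

# Assumption: the server endpoint appears as "remote <host> <port> [proto]"
# and, optionally, as a standalone "port <n>" directive.
REMOTE = re.compile(r"^(\s*remote\s+\S+\s+)(\d+)(?=\s|$)(.*)$")
PORT = re.compile(r"^(\s*port\s+)(\d+)(?=\s|$)(.*)$")

def rewrite_port(profile_text, old_port=8443, new_port=443):
    """Return (new_text, changed_line_numbers).

    Only directives that carry old_port are rewritten. Comments, inline
    <ca>/<cert>/<key> blocks and remotes on other ports are left untouched.
    """
    out, changed = [], []
    in_block = False  # True while inside an inline <tag>...</tag> block
    for n, line in enumerate(profile_text.splitlines(keepends=True), 1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]  # preserve the original line ending
        s = body.strip()
        if s.startswith("</"):
            in_block = False
        elif s.startswith("<"):
            in_block = True
        elif not in_block and not s.startswith(("#", ";")):
            m = REMOTE.match(body) or PORT.match(body)
            if m and int(m.group(2)) == old_port:
                body = f"{m.group(1)}{new_port}{m.group(3)}"
                changed.append(n)
        out.append(body + eol)
    return "".join(out), changed

# Constructed sample profile (hosts and certificate body are placeholders).
SAMPLE = """\
client
dev tun
proto tcp
# old note: remote fw.example.test 8443
remote fw.example.test 8443
remote 203.0.113.10 8443 tcp
remote backup.example.test 1194
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    new_text, lines = rewrite_port(text)
    print(f"rewrote lines {lines}", file=sys.stderr)
    sys.stdout.write(new_text)
```

An empty list of changed lines means the profile no longer names port 8443, which is worth checking before handing a profile to a user.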

  • This is not a viable option for anything larger than 2 people. Another need for this is guest wireless networks blocking non-standard ports. That "change the SSL VPN port" field needs to be re-added, preferably as soon as possible.
  • Hello, is there a way to change the port? In the road map maybe?

  • Hi Scale, I hope it's in soon because it is a requirement!

  • Hi Scaledem,

    indeed we have a request to make SSLVPN port changeable in our backlog. So this feature will be implemented. I am not quite sure how fast we will be able to deliver you this feature, but it is definitely planned with major priority.

    Greetings

    Holger

  • Bump.  The XG appliances need this feature sooner rather than later.  UTM9 and SG both had the option and now we have clients complaining that the feature is missing.  They are threatening to either go back to UTM9 or worse yet, move to a new vendor.

    Please escalate the urgency of this request!  I am also testing v16 and noticed that it hasn't made it into that update yet either.

  • Bump.  Throwing in my request for this ASAP as well. This is a pretty major requirement with more and more places locking down their networks these days.

  • Thanks for the above. This was quite helpful as a workaround to get SSL VPN working for me. 

    For some reason, my instance of XG did not seem to have the "Non-HTTP Based Policy", so I used the "DNAT/Full NAT/Load Balancing" template with the following settings:

    For "Destination Host/Network", #PortB is my WAN port, while "Protected Server" is the LAN IP address for Sophos XG. 

    It seems to work OK. 

    One thing that surprised me a bit is protocol selection under "Destination & Services". I would have thought there would be an option to forward both TCP and UDP, and not just one or the other, but apparently you can't. Does that mean if I wanted both to be covered off, I would need two rules, one for TCP and another for UDP? That seems rather inefficient and a bit of unnecessary pain. Or did I just miss something to enable both?

    I had initially tried UDP but that didn't seem to work behind an offsite firewall, so changed to TCP. When UDP is selected, the User Portal can still be accessed. Unfortunately, where I am they block UDP on 443 apparently, so I had to switch to TCP. Of course, doing this kills access to the User Portal from the internet, which is a bit of an irritation. It can still of course be accessed once the VPN is connected. That being said, if anyone knows a workaround so that both the User Portal and VPN are accessible (other than using 80 for the former), your thoughts would be most appreciated. 

  • Does this still work for you, @MarcBorgers? It doesn't seem to work anymore in the most recent Sophos XG.

  • FWIW on the most recent firmware update (16.05.3 MR-3) the port forwarding suggested by Marc also no longer seems to work for me.

    Chris Schnobb said:

    Does this still work for you, @MarcBorgers? It doesn't seem to work anymore in the most recent Sophos XG.