Is it possible to change the SSL VPN Port for Remote Access?
... and for the User Portal, too?
17.1 has been released and this feature is now there.
Regards Simon
Sophos XG 17.5.1 MR-1 | Dell 7010 | Intel(R) Core(TM) i5-3550 CPU @ 3.70GHz | 8GB Memory
Samsung EVO 850 120GB SSD | 1x Intel 82574L / 2x 82571EB Gigabit Ethernet Controller (rev 06)
Hi guillaume,
Port sharing is possible, so you can use port 443 for the user portal and SSL VPN.
Best regards,
Holger
Hi SecureNet,
Just in case you have not seen it yet: in the current version of SFOS 17.1, this feature is implemented.
Best regards,
Holger
I have tried to change the port from 8443 to 443 using UDP mode and it fails saying there is a conflict on that port.
Everything else on the XG that is using port 443 is TCP, e.g. WAF.
Can you confirm this is a bug, or how to fix it? It is a significant benefit to have UDP 443 for SSL VPN and TCP 443 for WAF.
Thanks
Ian
Hello,
I cannot comment on WAF + SSL VPN on port 443, because I don't use WAF.
But in my opinion, it's an error to use 443 UDP, because it is usually blocked by firewalls on public access, like the other exotic ports, as normal 443 traffic is TCP and not UDP!
Thank you for your comments.
I agree 443 UDP is not as good as 443 TCP for getting through general public firewalls, but unless we can generate a WAF rule to use a specific address (as per SNI for HTTPS), then I am limited to the options available.
With regard to 443 UDP vs other ports: yes, I agree 443 UDP is more likely to be blocked in comparison to 443 TCP, but it is significantly more likely for non-443 ports to be blocked and 443 UDP to be open and acceptable.
Also, SSL VPN supposedly has better performance on UDP than TCP (according to the setup options; I have never had the opportunity to find out).
Thanks
Ian
Hello.
Yes, I moved the user portal from 443 to 444 when I tried it, and I have just tried again now with no luck.
I get the red pop-up box saying "The selected Port is already used by another service. Please choose a different Port."
Thanks
Ian
Also tried: you cannot use 443 TCP or UDP for SSL VPN and/or the user portal once you activate a WAF with an HTTPS rule (and vice versa).
It would be great if Sophos let us choose which port/public IP the SSL VPN and user portal listen on, as it would then be possible to have WAF on one port/IP AND SSL VPN on another port/IP.
But that's not the case.
Hello,
I can use 443 for WAF and User Portal; this is my normal configuration. I assume this is because WAF is only available on the WAN IP and User Portal from various local interfaces.
As SSL VPN can use all interfaces, I assume this has an effect on why it cannot be enabled. On that note, I have just disabled SSL VPN from ALL interfaces and tried again, but still an error.