Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how do I redirect http to https for the User Portal

Hi all, I would like to have a redirect so that if a user goes to (URL of User portal) instead of HTTPS:// (URL of User Portal) they will get redirected.  I hope I don't have to stand up a web server on the DMZ, and port forward port 80 to it.



Edited Tags
[edited by: Erick Jan at 11:13 PM (GMT -7) on 15 Sep 2022]
Parents
  • Thanks for the reply, will this redirect to HTTPS or will this simply allow HTTP?  I do not want to allow HTTP access but do want to make it simpler in case they do not type HTTPS in the URL.

  • Hi,

    You're welcome.

    This will make a direct connection on HTTP port 80. If the users don't mention HTTPS (port 443) before the URL this will by default forward the request on HTTP (port 80).

    PAT is not feasible as per the requirement.

    Thanks

    Sachin

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Ok, so there is no way to perform the redirect to HTTPS on the box.  I guess the only way to accomplish this is to put a webserver in the DMZ and redirect the HTTP request to HTTPS.

  • Hello,

    So as I read then, XG on the user portal port 80 will not redirect to HTTPS / port 443.

    I have been using Astaro / Sophos since Astaro v7, through UTM 9 and now just starting to use XG in a VM for the last 40 days.

    IF I remember correctly and had done on UTM, I did port forwarding where it came in on the WAN port at port 80 or what ever port being used and then port forward to the LAN side on another port such as 443 or 22. So like if I configured multiple SSH terminal sessions to systems and devices behind the UTM, I would set my external links address like WAN IP address :1122, :1123, :1124 and then have a port forwarding rule to send them back to a specific host I.P. on port 22.

    So something like WAN on port1122 forward to LAN I.P. address port 22.

    So not sure if you would set your user portal to listen on port 443 the HTTPS and then create a port forward rule for any http / port 80 request on WAN port to port forward to port 443 on the WAN? Anyone please correct me if I am wrong. I know you can set up port forwarding rules to take incoming IP:port number and forward to internal I.P. on same or different port number.  I have done similar things. I have even copied the HTTPs service and edit it for another port number. I have a DVR system that runs on port 7001 via web interface and have made a https on port 7001 for it. I am beleive the web browser indicated it was https connected on 7001. ( I use self signed certificates for my home network and usually got the untrusted cert warning in IE and Mozilla)

    I am slowly setting up all my port forwards, user portal and html5 vpn portals on my new XG system and will have to check and confirm this on XG.

    Again if I have made some wrong statements, anyone please correct me. Assuming what I have noted is still all correct, not sure if my port forwarding suggestion would be a possible workaround for you. 

    Else If you or the business already has a public web site / server, you could just add a URL link on the company's web site that has the https://company XG user portal address, and have the employees go to the company's website and click on the link to send them to the XG user portal that way. Then they do not have to remember to add the https to it.

    Chad

  • Still today the option is not available.

    The configuration is managed by Apache server but it is not officially support. Sophos, you can implement the feature very easily.

    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/39912523-redirect-user-portal-from-http-to-https

    Vote the feature request.

    Thanks

Reply Children
No Data