This discussion has been locked.

Unable to use HTML5 VPN Portal as a virtual web server (reverse proxy)

I have been attempting to use the HTML5 VPN Portal in UTM as a virtual webserver. 

I have the user portal port assigned to 44444.
If I create a firewall rule to allow port 44444 and go to the address https://WANIP:44444/, I am able to connect to any of the machines listed in the portal from both my internal network and external networks.
If I create a network definition as a DNS host with "localhost" as the address, create a real webserver using that definition, and then create a virtual webserver with https+redirect to that real webserver on port 44444, I am able to access the user portal both from my internal network and any external network.

The problem I am running into is that when using the portal through the virtual webserver, I can access any of the machines listed in the HTML5 VPN Portal if I am on the local network, but if I try to access any of them from a remote network, I get an error saying "Websocket Error."  Again, it works fine if I go to the WANIP:44444 on both internal and external networks.

My question is if there is a way to configure the Web Application Firewall > Virtual Webserver where it will allow me to connect to machines listed in the HTML5 VPN portal from both inside and outside of my network.  I know I can change the user portal to listen on 443, but it is not feasible in my environment.

Any help would be appreciated.  Thanks!



  • Hi Alan and welcome to the UTM Community!

    How about showing us pictures of the Edits of the relevant definitions/objects/rules?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  •  

    BAlfson said:

    Hi Alan and welcome to the UTM Community!

    How about showing us pictures of the Edits of the relevant definitions/objects/rules?

    Cheers - Bob

     

    Thank you for the reply.  Here are the relevant screenshots:

     

  • I still don't understand what's happening.  What are you connecting to first?  Then what?

    What benefit do you expect from this?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    I still don't understand what's happening.  What are you connecting to first?  Then what?

    What benefit do you expect from this?

    Cheers - Bob

     

     

    I am trying to connect to the user portal through the reverse proxy.  I only have a single IP address and cannot configure the user portal to listen on port 443.  My wish is to be able to go to https://portal.domain.com, rather than https://portal.domain.com:44444.  The only way I know to do this is to use the reverse proxy aka virtual web server.  When I use the reverse proxy, it gives me a websocket error when trying to connect to any of the HTML5 VPN computers listed in the portal.

     

    The benefit is that I would not have to specify the port when connecting to the user portal.

  • I'm not sure why I didn't understand that in the beginning - it's exactly what you first described.  That's creative!  I haven't heard of anyone doing such a thing, but it looks like you've done everything correctly.  I don't think the reverse proxy has websocket support.  I bet you will find confirmation of this in the Web Application Firewall log - do you?

    I habitually put the User Portal on 2443 and the SSL VPN on UDP 443.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA