
Cannot connect to webadmin when logged into the VPN

Hello.  We are using AWS cloud Sophos UTM 9 (Release 9.506-1). We have it set up and working.  The problem we are having is setting up restricted webadmin access.  We want to restrict webadmin access to admin users from a specific IP address ("SageHQ") OR admin users that are logged into the VPN (SSL VPN pool).  Our webadmin page is configured like so..

Allowed Administrators: "SuperAdmins"

Allowed Networks: "SageHQ", "VPN Pool (SSL)"

I am in the SuperAdmin group and I am able to access https://<Sophos host>:4444 when connected from "SageHQ" (and not logged into the VPN); however, when I'm connected from an outside address (and logged into SSL VPN) I am no longer able to access the webadmin address.  As I understand it, when I'm logged into the VPN I should be able to access the webadmin page because it's set up to be accessible from the VPN pool.  Isn't this how it's supposed to work, or am I not understanding it correctly?

When I'm logged into the VPN my PC does get assigned a VPN pool IP..

"utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.242.2.6 --> 10.242.2.6 netmask 0xffffff00
nd6 options=201<PERFORMNUD,DAD>"



This thread was automatically locked due to age.
  • Please show a picture of the Edit of your SSL VPN Profile.

    Also, a little tighter security and flexibility to use other remote access methods would be gained by replacing "VPN Pool (SSL)" with the "SuperAdmins (User Group Network)" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sophos tech support helped me out.  The problem was that I used our external facing hostname in both scenarios.  When I'm logged in as a superadmin I needed to access webadmin with the Sophos local IP address.

  • That's why I wanted to see if you had the "External (Address)" object in 'Local Networks' of the SSL VPN Profile.  That should work to let you use the FQDN that resolves to your public IP.  The other solution would be split DNS where the FQDN resolves to the internal IP.  Another solution is to use https://10.242.2.1:4444 - the UTM's address in "VPN Pool (SSL)."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
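
Added example, not part of the original thread: a simplified Python model of which source address WebAdmin's "Allowed Networks" check sees for each of the options discussed above. It assumes that only the pool subnet and the profile's 'Local Networks' are routed through the tunnel; the SageHQ, public, external and internal LAN addresses are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Values taken from the thread.
VPN_POOL = ip_network("10.242.2.0/24")        # netmask 0xffffff00
VPN_CLIENT_IP = ip_address("10.242.2.6")      # address on utun3
UTM_POOL_IP = ip_address("10.242.2.1")        # UTM's address in "VPN Pool (SSL)"

# Constructed placeholders (documentation/private ranges), not from the thread.
SAGE_HQ = ip_network("198.51.100.10/32")      # "SageHQ"
CLIENT_PUBLIC_IP = ip_address("192.0.2.77")   # outside address of the VPN user
UTM_EXTERNAL_IP = ip_address("203.0.113.5")   # what the public FQDN resolves to
UTM_INTERNAL_IP = ip_address("10.0.0.1")      # what split DNS would return
INTERNAL_LAN = ip_network("10.0.0.0/24")      # a 'Local Networks' entry
EXTERNAL_HOST = ip_network("203.0.113.5/32")  # "External (Address)" as a host

ALLOWED_NETWORKS = [SAGE_HQ, VPN_POOL]        # WebAdmin "Allowed Networks"


def source_seen_by_utm(dest, local_networks):
    """Return the source address the UTM sees for a connection to dest.

    Assumption: only the pool subnet and the profile's 'Local Networks'
    are routed through the tunnel; everything else leaves via the
    client's normal default route with its public address.
    """
    tunnel_routes = [VPN_POOL, *local_networks]
    if any(dest in net for net in tunnel_routes):
        return VPN_CLIENT_IP
    return CLIENT_PUBLIC_IP


def webadmin_allowed(dest, local_networks):
    """Apply the 'Allowed Networks' check to the source the UTM sees."""
    src = source_seen_by_utm(dest, local_networks)
    return any(src in net for net in ALLOWED_NETWORKS), src


if __name__ == "__main__":
    cases = [
        ("public FQDN, External not in Local Networks", UTM_EXTERNAL_IP, [INTERNAL_LAN]),
        ("public FQDN, External in Local Networks", UTM_EXTERNAL_IP, [INTERNAL_LAN, EXTERNAL_HOST]),
        ("split DNS to internal IP", UTM_INTERNAL_IP, [INTERNAL_LAN]),
        ("https://10.242.2.1:4444", UTM_POOL_IP, [INTERNAL_LAN]),
    ]
    for label, dest, nets in cases:
        ok, src = webadmin_allowed(dest, nets)
        print(f"{label:45} src={src!s:12} allowed={ok}")
```

Only the first case is rejected: the request leaves outside the tunnel, so it arrives from the client's public address, which is in neither "SageHQ" nor "VPN Pool (SSL)".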