Remotely configure Sophos SG 135w over the Internet (Webadmin)

Hi everyone. I am new to dealing with these appliances and I need my boss (who is in another country) to remotely configure the device. So, at the moment he has to be connecting to my laptop using TeamViewer or AnyDesk in order to access Webadmin through my laptop. Is there a way for him to access Webadmin and configure the device without connecting through my pc. What I did was connect an ethernet cable from a router LAN port to the WAN port (eth1/WAN) of the sophos. Also, a cable connecting my laptop's Lan port to the Lan port (eth0/LAN) on the sophos. The device is on UTM 9.6 firmware.

Parents
  • Hello Andre,

    Is this a new installation? I strongly recommend updating to 9.713 as first step.

    You need to have the ip network of the router, your eth1/WAN should have an IP from this transfer net to reach the internet.

    Then you define the IP of the router as gateway for your WAN uplink. This becomes your connection to the internet.

    The you could open WebAdmin portal to this public interface, if you put "InternetV4" into the list of allowed neworks at "WebAdmin".

    Then he can access the WAN port, if your router has a port-forwarding rule to the IP of the eth1/WAN interface.

    Normally this is called something like an "exposed host".

    But without having any infos about your details, I can't help you further.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you for replying. And yes, I reimaged the device. Before, it was running 9.7, but he told me to install 9.6. I will pass on this information and see if we can it up and running soon.

  • Hi Andre and welcome to the UTM Community!

    As Philipp says, you need to get the WAN port connected to the Internet.

    Before that's done, your boss can create a user for himself.  Assuming that the user name is James, he can add "James" to 'Allowed Administrators' and "James (User Network)" to 'Allowed Networks' in 'Management and Settings'.  He could also create a Host object for his public IP and add that to 'Allowed Networks'.  Next, create an SSL VPN Remote Access Profile allowing James to connect to "Internal (Network)" via VPN.  Finally, activate the User Portal so he can download Sophos Connect and his SSL VPN configuration file.

    Once the WAN port is connected, he'll be able to connect via SSL VPN and reach WebAdmin at "Internal (Address)" on port 4444.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Could they build a SUM to manage the SG? Also at this stage I don't think you can use Central Management (as per the XG version)  to manage UTMs.

    Ian

    XG115W - v19.5 GA - Home

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data