
I can't Access Web Admin via WAN

Hello,

I have a Sophos UTM 9.716-2. I can't connect via a hostname from noip.com on port 4444. I can't connect via SSL VPN either. My ISP uses CG-NAT. I think CG-NAT is the problem.

I successfully set up a VPS with WireGuard to avoid CG-NAT. Now I have a new IP from the VPS. If I run traceroute to the public IP on GNU/Linux, it shows that I am not behind CG-NAT.

In WebAdmin settings -> General -> Allowed Networks I have Any, Internal (Network), VPN Pool (SSL), but the problem is not solved.

How can I access WebAdmin via WAN?



This thread was automatically locked due to age.
  • Hello,

    Thank you for reaching out to the community. Please refer to the following steps:

    To change the password for admin, run

    cc passwd mynewpassword



    To change the WebAdmin port to 4444, run

    cc set webadmin port 4444



    To confirm that "Internal (Network)" is in 'Allowed Networks' for WebAdmin:

    cc get webadmin allowed_networks


    That will give you one or more REF_ objects.  One of mine is REF_nuSwABYbAt

    cc get_object REF_nuSwABYbAt |grep \'name


    and that tells me: 'name' => 'Internal (Network)',

    If 'Allowed networks' is empty, we need the REF_ for "Internal (Network)"

    cc get_object_by_name 'network' 'interface_network' 'Internal (Network)'


    Once you have the REF_, you can add it.  Using mine as an example (note the extra @ and + symbols - copy, paste and enter each line separately!):

    cc
    webadmin
    allowed_networks@
    +REF_nuSwABYbAt
    exit


    Now, you should be able to login to web-admin as admin from the LAN.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


  • Thank you for the reply. Thank you Vivek, but I am able to connect via LAN. I cannot connect via WAN, like https://hostname.ddns.me:4444

    Thank you

  • Just to check the basics: the UTM limits admin access by both accounts and IPs:

    AFAIK the "Allowed networks" defaults to "local networks" or "Intranet", not "any".
    Are you sure the IP your access originates from matches the rule?

  • I did the same as in your example above. I don't have SUM SSO Admin users, I have only SuperAdmins; then below, in Allowed Networks, I put only Any IPv4 like yours... I have the same problem. I cannot connect via WAN from the local network or from my mobile over cellular data.