This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I can't Access Web Admin via WAN

Hello ,

I have a sophos UTM 9.716-2. I can't connect via hostname from noip.com on port 4444. I can't connect via ssl vpn too. My ISP has cg-nat . I think cg-nat is the problem.

I try with success to setup a vps with wireguard to avoid cg nat. Now I got a new IP from vps.  If I write on GNU/linux  traceroute public ip show that I am not on cg-nat.

I have in Webadmin settings -> General -> Allowed Networks has ANY, Internal (Network), VPN Pool (SSL)  but problem not solved.

How can I ascess web admin via wan ???



This thread was automatically locked due to age.
Parents
  • Hello  ,

    Thank you for reaching out to the community, please refer the following steps:

    To change the password for admin run 

    cc passwd mynewpassword



    To change the WebAdmin port to 4444, run

    cc set webadmin port 4444



    To confirm that "Internal (Network)" is in 'Allowed Networks' for WebAdmin:

    cc get webadmin allowed_networks


    That will give you one or more REF_ objects.  One of mine is REF_nuSwABYbAt

    cc get_object REF_nuSwABYbAt |grep \'name


    and that tells me: 'name' => 'Internal (Network)',

    If 'Allowed networks' is empty, we need the REF_ for "Internal (Network)"

    cc get_object_by_name 'network' 'interface_network' 'Internal (Network)'


    Once you have the REF_, you can add it.  Using mine as an example (note the extra @ and + symbols - copy, paste and enter each line seprately!):

    cc
    webadmin
    allowed_networks@
    +REF_nuSwABYbAt
    exit


    Now, you should be able to login to web-admin as admin from the LAN.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Thank you for reply. Thank you Vivek but I am able to connect via lan. I cannot connect via wan like https://hostname.ddns.me:4444

    Thank you

Reply Children
  • Just to check the basics: the UTM limits admin access by both accounts and IPs:

    AFAIK the "Allowed networks" defaults to "local networks" or "Intranet", not "any".
    Are you sure the IP your access originates from matches the rule?

  • I did the same like your example above. I don't have SUM SSO Admin users I have only SuperAdmins then below Allowed Networks  I put only Any IPV4 like yours ...I have the same problem. I cannot connect via wan from local network or my moblie via cellphone data internet.