This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Have Static IP and changing ISP. Best Practices

Hello,  I have a SG105 set up with a static public IP.  It is setup for SSL VPN client. I'm looking to change my ISP and will need a new IP address.  I've been looking for best practices or any forum posts discussing this.  I have a feeling that it is not as simple as changing the IP and moving on.  I have a feeling that it will affect the certificates and other settings.  I hope someone can help.

Thank you in advance.



This thread was automatically locked due to age.
  • Hi  

    You will not require to make big changes. You will only need to change the IP address or mention it in the override hostname option (under Remote Access > SSL > Settings) in SSL VPN configuration. Once done, users will need to download the new config file and that should be it.

    If you have specified an FQDN in the override hostname option, you won't need to change anything other than your DNS record to point it to the new IP address.

    Regards

    Jaydeep

  • Hi Richard and welcome to the UTM Community!

    As Jaydeep says, if your SSL VPN config uses an FQDN, you will only need to change the IP for the FQDN in your public authoritative name server.  You will want to consider The Zeroeth Rule in Rulz (last updated 2019-04-17).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The last option is to open the .ovpn file at the client and change the destination-ip-settings within this file.

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Ok.  I'm overthinking this.  Once the IP address is changed under the network card configuration, the firewall will make the appropriate changes to continue to work as before.

    For the SSL VPN clients, I just need to regenerate config files for each user to download.  

    Should I revoke and regenerate my internally create certificates before creating each SSL VPN configs?  

  • Hi  

    Yes, it would work fine. Once you change the IP address and user downloads the configuration again for SSL VPN, users should be able to connect without any issue. You do not require to make changes to internally created certificates. Feel free to post any challenges you face.

    Regards

    Jaydeep