
Redirect traffic to UTM VIP

Hi,

I am using UTM 9 with a single network adapter in order to redirect my traffic based on the host header. Everything works fine, but now I want to configure the SSL VPN and the User Portal. Since 443 is already used on the Sophos adapter, I have created a virtual one with a different IP address to bind to in order to use the VPN and portal on 443.

From the internal network the portal and VPN work fine since it's hitting the VIP directly, but from outside I can't get the portal to work; I don't know about the VPN yet. I have created a Virtual Web Server that redirects traffic to the "Real Web Server", the VIP of the network interface, again based on the host header it gets from the browser. It looks like it is having trouble redirecting to one of its own IPs.

For the real server option I have created a new host and added the VIP of the UTM network adapter.

Can I redirect web traffic to Sophos' own IPs using a Virtual Server?

      

 

Thanks



This thread was automatically locked due to age.
  • Here are my usual recommendations, Adrian:

    • SSL VPN: UDP 1443
    • User Portal: TCP 2443
    • WAF: TCP 443

    Up until Google came up with QUIC (UDP 443) as a way to accelerate HTTPS, I was comfortable with UDP 443 for the SSL VPN.

    All that to say that I wouldn't try to resolve the situation in the way you are trying to do it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Yes, I know I can change the port, and I did it and it works great, but doing it will block my connection on networks that have their traffic filters. If I want to connect from work it won't work since only 80 and 443 are allowed outside.

    I guess I will need another IP from my ISP for this.

  • Not sure what you mean by a Virtual IP. If you only have one IP address from your ISP, you cannot invent a second IP that is reachable from the internet.

  • By VIP I mean the additional internal address. So eth0 is my network adapter and I added a second IP to this adapter, which becomes eth0.1 (IP multinetting).

    I already have RDS in my network; I just wanted to test the VPN from outside to see how it is working. I guess I will need another public IP.

     

    Thanks for the help, much apprech...