
Redirect traffic to UTM VIP

Hi,

I am using UTM 9 with a single network adapter in order to redirect my traffic based on the host header. Everything works fine, but now I want to configure the SSL VPN and the User Portal. Since 443 is already used on the Sophos adapter, I have created a virtual one with a different IP address to bind to in order to use the VPN and portal on 443.

From the internal network the portal and VPN work fine since it's hitting the VIP directly, but from outside I can't get the portal to work; I don't know about the VPN yet. I have created a Virtual Web Server that redirects traffic to the "Real Web Server", the VIP of the network interface, again based on the host header it gets from the browser. Looks like it is having trouble redirecting to one of its own IPs.

For the real server option I have created a new host and added the VIP of the UTM network adapter.

Can I redirect Web traffic to Sophos' own IPs using a Virtual Server?

Thanks



  • It is hard to understand what you configured before user portal.   Here is my guess:

    You have a bunch of things that you want to reach at home from work.   You set them up as WAF sites.   But now you want to do something more, and you are limited by the work firewall and the fact that the web ports are already used.

    I will only suggest in passing that you may be best served to avoid doing personal stuff from your work network...

    If this setup is only for you, consider removing all of the WAF configuration, and use just User Portal.   Configure HTML5 VPN to RDP to access your systems at home.   Once connected to one of those systems, you can access web sites as a local user.

    If this is a side business and your clients need access to the WAF sites, then you need a second IP address.   I would make the WAF sites into the secondary address and put User Portal on the address that UTM thinks is primary.

    Either way, strongly suggest OTP for any remote access.  The bad guys are doing password guessing attacks all the time.
