This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN in logs

Hi,

When we open and filter the logs by application, we can see OPENVPN, and it shows Connections useing this application!! we did not configure VPN on this UTM! I can also see port is being used is port 443. is this means because someone using port 443 to access lets sys exchange webmail or Sophos user portal then in the logs showing OPENVPN? or this is somthing else?

Thanks



This thread was automatically locked due to age.
Parents
  • Hi Aresh,

    Greeting.

    Can you please post the log lines here? It will help me investigate further.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Sachin,

    Thank you for your reply,

    I can see this info only if I go to the Dasbord-click eth1. where can I find more info regarding this open VPN? I also think as I said this can be just any https connection, as when I e.i. check the clients that We see for open VPN I can see my IP address and also IP of one of the customers that access our servers with RDgateway. but to be sure I ask if this is what I think is.

       

Reply
  • Hi Sachin,

    Thank you for your reply,

    I can see this info only if I go to the Dasbord-click eth1. where can I find more info regarding this open VPN? I also think as I said this can be just any https connection, as when I e.i. check the clients that We see for open VPN I can see my IP address and also IP of one of the customers that access our servers with RDgateway. but to be sure I ask if this is what I think is.

       

Children
  • Hi Aresh,

    The remote access SSLClosed feature of Sophos UTM is realized by OpenVPN, a full-featured SSL VPNClosed solution. It provides the ability to create point-to-point encrypted tunnels between remote employees and your company, requiring both SSL certificates and a username/password combination for authentication to enable access to internal resources.

    Open VPN is reflected in the flow monitor when the Remote SSL VPN is configured and Active. As you can see no bandwidth usage is captured, which means there is no active SSL connection thorugh UTM.

    Port: TCP 443 is the service port which is configured in SSL VPN settings hence the same is reflected in the details. This setting can be viewed by navigating through options Remote Access > SSL > Settings.

    Hope that helps.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thank you for the update,

    I did check the Remote Access-SSL-setting and I can see that it is configured to be used but there is no profile is setup, so no connection there.I also check the IP address and I can see it uses a different IP address and this is good becuse when I check net flow monitor and click on all enterfaces and go to the openvpn I can see the IP address different then IP we see for the openvpn and we use this IP for our Rdgateway and also one more IP that we use for our active sync and outlook anywhere.

    So no worry there any more, everything looks lik ok.

    Thanks