
How do you stop redirection to user portal?

Quick question,

For the block of IP addresses that the UTM manages, how do you stop web traffic from redirecting to the user portal if that IP address is not assigned to anything?

For example, let's say the firewall manages two IP addresses: one is for a web server, ports 80/443 only, and the other is for an SMTP server, port 25 only.

If I have a NAT rule for the web server, when I type the IP address of the website into a browser, it makes its way through the firewall to the proper web server behind the firewall and shows the web page OK.

However, if I type the address of the mail server, which has no web NAT rule, into the browser, it simply redirects the traffic to the web portal. I wish to stop this. How do you make the traffic simply die?

Thanks.



  • User portal is served on your interface IP address for SSL VPN. You can disallow User Portal under Administration > Device Access. It's not related to your email or any other settings. It's simply there for SSL VPN (so you can log in and download SSL VPN settings). You can also change the User Portal port under Admin settings (User portal HTTPS port).

  • We definitely need the portal.  I haven't tried changing the port on the portal; that might be a possibility.  Another thought is to create a firewall rule that blocks web traffic to IPs?  Hate to do that, was hoping for an on/off switch for this.

  • Tom, I always recommend putting the User Portal on a different port - I use TCP 2443 for my clients.

    A related issue is the port for the SSL VPN.  Since you're in the USA, I recommend UDP 1443 for that.  Using UDP speeds up the throughput of the VPN.

    See #2 in Rulz (last updated 2019-04-17) for why the DNAT works.  You will eventually want to change from a DNAT to using Webserver Protection.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, if I change the user portal port number, will that have any bearing on the use of the SSL VPN client software itself?

    Tom

  • Yes it will, Tom.  You will want to change "tcp" to "udp" and "443" to "2443" in the config file in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\

    proto tcp
    remote 54.xxx.yyy.114 443

    Or just download the new config file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
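
Added example, not part of the thread and not Sophos code: after the gateway's SSL VPN protocol or port is changed, client config files that still carry the old `proto` and `remote` lines will no longer connect. This sketch parses those two OpenVPN-style directives and reports entries that no longer match. The function names, the expected values `udp`/`1443`, and the sample configs are constructed for illustration; use whatever your gateway's SSL VPN settings actually show.

```python
import re

DEFAULT_PORT = 1194  # OpenVPN's default when a remote line omits the port


def parse_remotes(text):
    """Return [(host, port, proto)] for every 'remote' directive in text."""
    proto, port, raw_remotes = "udp", DEFAULT_PORT, []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') and split the directive into tokens.
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not tokens:
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key == "proto" and args:
            proto = args[0].lower()
        elif key == "port" and args:
            port = int(args[0])
        elif key == "remote" and args:
            raw_remotes.append(args)
    # Resolve afterwards: global proto/port may appear after a remote line.
    remotes = []
    for args in raw_remotes:
        r_port = int(args[1]) if len(args) > 1 else port
        r_proto = args[2].lower() if len(args) > 2 else proto
        # Collapse variants such as tcp-client or udp4 to tcp / udp.
        remotes.append((args[0], r_port, r_proto[:3]))
    return remotes


def stale_remotes(text, expected_proto, expected_port):
    """Remotes whose port or protocol differs from the gateway's listener."""
    return [r for r in parse_remotes(text)
            if (r[1], r[2]) != (expected_port, expected_proto)]


# Constructed sample: the two lines quoted in the thread, before any change.
OLD_CONFIG = """client
dev tun
proto tcp
remote 54.xxx.yyy.114 443
"""

# Constructed sample of an updated file (second remote is hypothetical).
NEW_CONFIG = """client
dev tun
proto udp
remote 54.xxx.yyy.114 1443
remote vpn.example.test 1443 udp  # per-remote protocol override
"""

if __name__ == "__main__":
    print("stale:", stale_remotes(OLD_CONFIG, "udp", 1443))
    print("stale:", stale_remotes(NEW_CONFIG, "udp", 1443))
```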