
Connecting fails from internal network behind UTM 9 to foreign UTM 9 via VPN

Hello

I have the following problem: if I try to connect from our internal network behind a UTM-9 to a foreign UTM-9 (or other firewall) via VPN, the connection fails with the following error:

Wed Apr 24 14:34:48 2019 TCP: connect to [AF_INET]212.xx.xxx.xxx.xxx:4443 failed, will try again in 5 seconds: The system tried to assign a drive with SUBST to a directory located on a drive mapped with JOIN.


Here is a small diagram of what I'm trying to achieve:


Does anyone know what settings I need to adjust?

Kind regards

Didier

Translated with www.DeepL.com/Translator

  • Hi Didier

    The VPN connection might fail because your firewall does not allow a connection on port 4443.

    Do you have a firewall rule that allows this kind of traffic?

    Best Regards
    DKKDG

  • Hi DKKDG

    Do you mean this setting?
    Or is there another port to open?
    Kind regards,

    Didier

  • Hi Didier,

    This is just the configuration where you set the port of your UTM that clients connect to via VPN.

    You have to go to Network Protection -> Firewall and add a rule allowing TCP 4443 to the external IP of the foreign UTM.

    Best Regards
    DKKDG

  • Hi DKKDG

    Thank you. I thought about that. I have another related question: would it be dangerous to open TCP port 4443 to any IP? Or is it better to specify only the specific one?

    Kind regards,

    Didier

  • Hi Didier,

    I am not a fan of "Any" objects.

    Just use them as a last resort when you do not know the source, service or destination.

    If you know source, service and destination, just build the necessary firewall rule.

    With "Any" objects you make a hole bigger than necessary in your wall ;)

    Best Regards

    DKKDG
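
    The point DKKDG makes about "Any" objects, shown as an added example (not code from the thread or from Sophos): a small first-match rule evaluator compares the specific rule (internal LAN -> foreign UTM external IP, TCP 4443) with a rule whose destination is "Any". The LAN range, the remote UTM address and the assumed default-drop behaviour are placeholders, not values from the thread.

    ```python
    import ipaddress
    from dataclasses import dataclass
    from typing import Optional

    @dataclass(frozen=True)
    class Rule:
        source: str          # CIDR or "any"
        dest: str            # CIDR or "any"
        proto: str           # "tcp", "udp" or "any"
        port: Optional[int]  # None means any port
        action: str          # "allow" or "drop"

    def _net_match(spec: str, ip: str) -> bool:
        return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

    def evaluate(rules, src_ip, dst_ip, proto, port) -> str:
        """First matching rule wins; anything unmatched is dropped (assumed default)."""
        for r in rules:
            if (_net_match(r.source, src_ip) and _net_match(r.dest, dst_ip)
                    and r.proto in ("any", proto) and r.port in (None, port)):
                return r.action
        return "drop"

    # Constructed placeholder values (not from the thread).
    INTERNAL_LAN = "192.168.10.0/24"
    REMOTE_UTM = "203.0.113.10"

    # Rule as recommended: only the foreign UTM's external IP on TCP 4443.
    SPECIFIC = [Rule(INTERNAL_LAN, REMOTE_UTM + "/32", "tcp", 4443, "allow")]
    # Same rule with an "Any" destination object.
    ANY_DEST = [Rule(INTERNAL_LAN, "any", "tcp", 4443, "allow")]

    def compare(rules) -> dict:
        """Evaluate three constructed flows from an internal client against a rule set."""
        flows = {
            "vpn_to_remote_utm": ("192.168.10.25", REMOTE_UTM, "tcp", 4443),
            "tcp4443_to_other_host": ("192.168.10.25", "198.51.100.7", "tcp", 4443),
            "udp4443_to_remote_utm": ("192.168.10.25", REMOTE_UTM, "udp", 4443),
        }
        return {name: evaluate(rules, *flow) for name, flow in flows.items()}

    if __name__ == "__main__":
        print("specific:", compare(SPECIFIC))
        print("any dest:", compare(ANY_DEST))
    ```

    Both rule sets let the SSL VPN reach the foreign UTM; only the "Any" destination also lets the same clients reach every other host on TCP 4443.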

  • Thank you DKKDG!
    Kind regards,

    Didier

  • Hello Didier,

    Port 4443 is reserved in UTM for access by a SUM (Sophos UTM Manager).  You will want to choose a different port for that remote UTM.

    I believe that wireless providers block UDP and other ports that might be used for VPNs.  One reason to stay with the TCP 443 default for the SSL VPN is that your cellular data provider might block UDP.  My AT&T iPhone XS was unable to establish a working SSL VPN tunnel when using UDP 443 or UDP 1443.  Everything worked perfectly with TCP 443.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA