Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 19522 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ssl vpn internet issues

Olaf Lobrecht

Hi * following situation 

utm9 on a sg 330

vpn SSL is configured with adsso backend and default vpn pool dhcp adresses

vpn pool is set  to allowed in dns

dns server in vpn ssl are internal dns servers with no outside connection( e.g. they can't resolve www.google.com )

web protection filtering is on in standard mode (and internal network + vpn ssl pools are allowed )

now when connected with vpn ssl to the sophos, i can look up internal addresses fine, I can access all servers fine

but I cannot access the proxy ( http://sophos:8080)( the squid proxy is not enabled just the web filtering in standard mode ) and therefore I cannot access the internet through the proxy.

I do not see any of my assigned ops in the web filtering log

the vpn ssl connection is set to allowed networks ==>internal

internal computers can surf the web via sophos:8080 proxy  which is can be auto configured via wpad.dat 

i can ping outside addresses if I know the ipaddress, but obviously, this will not help me with the webproxy

eg in whatever browser I type www.google.con , and nothings happens

In the company i cannot resolve the ip address of www.google.com either but when typing it into the webbrowser, the proxy resolves it accordingly and i can surf the web

 

I hope that makes sense

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Olaf, and welcome to the UTM Community!

    Like the SSL VPN, several different sections of the UTM will use AD, but only Web Filtering uses AD-SSO.

    "vpn pool is set  to allowed in dns" - Have you configured 'Remote Access >> Advanced'?

    "web protection filtering is on in standard mode (and internal network + vpn ssl pools are allowed ) [...] but I cannot access the proxy"  Is the browser of the client connected via SSL VPN configured to use the Standard mode?

    "I cannot access the internet through the proxy.  I do not see any of my assigned ops in the web filtering log" - doesn't this mean that the browser of your client isn't configured to use the Proxy?

    I normally configure the Default Profile in Transparent mode without Authentication and then create a Web Filtering Profile in Standard mode with AD-SSO authentication.  That way, if a computer doesn't qualify for the Profile in Standard mode or is not configured for Standard Mode, requests from it are handled by the Default Profile in Transparent.  I put more restrictions on Transparent mode usage.

    Cheers - Bob
    PS Moving this thread to the Web Protection forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    "vpn pool is set  to allowed in dns" - Have you configured 'Remote Access >> Advanced'? 

    ==> yes , what info do you need here

    "web protection filtering is on in standard mode (and internal network + vpn ssl pools are allowed ) [...] but I cannot access the proxy"  Is the browser of the client connected via SSL VPN configured to use the Standard mode 

    ==> i only test with macbookcs and I have the proxy in the network settings , if that answers your question

    "I cannot access the internet through the proxy.  I do not see any of my assigned ops in the web filtering log" - doesn't this mean that the browser of your client isn't configured to use the Proxy? 

    ==> as above the proxy is configured

    I normally configure the Default Profile in Transparent mode without Authentication and then create a Web Filtering Profile in Standard mode with AD-SSO authentication.  That way, if a computer doesn't qualify for the Profile in Standard mode or is not configured for Standard Mode, requests from it are handled by the Default Profile in Transparent.  I put more restrictions on Transparent mode usage.

     

    ==> I have tried yesterday and taken the block away if ads fails  and at least on the commandline i could reach the web via wget, but no browser was able to reach the web

  • 0 in reply to Olaf Lobrecht

    A screencap of 'Remote Access >> Advanced' would work!  Also, one of 'Allowed Networks' in you Web Filtering Profile and one of 'Local Networks' in the SSL VPN Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    how do i get those screenshots to you ?
  • 0 in reply to Olaf Lobrecht

    You can drag-n-drop them into the editor here or cut-and-paste or Insert an image file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data
Unfiltered HTML