This discussion has been locked.

Webserver Protection for SSTP on one ip

Hi all,

I am preparing my company's migration from MS TMG to a Sophos UTM appliance or VM... one very important feature for our users was and still is Microsoft's SSTP VPN because of its firewall pass-through capabilities!

Has anyone of you successfully configured Sophos UTM to publish SSTP from/to an internal RRAS?

I have read several ideas on how to accomplish that; can anyone tell me whether one actually works?

1) destination NAT: internet -443-> RRAS (I suppose that must work)

2) webserver protection with entry URL: /_sra{...}/ HTTPS -> HTTPS

3) same as 2, with bridge: HTTPS -> HTTP (that seems closest to what TMG does)

And in order to make things even more complicated:

Is it possible to configure all this with one public IP using default ports, without some double nginx reverse proxy?

Thanks!



  • I have no experience with SSTP, but you could perfectly use Sophos' SSL VPN feature which also can be set up (and default is) to use TCP port 443. It's based on OpenVPN and can also be used for Android or Apple devices. But if you choose not to use it, it should be pretty easy to forward port 443 to your internal Microsoft VPN-server.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
