This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change SSL VPN Port

Is it possible to change the SSL VPN Port for Remote Access??

... and for the User Portal, too?



This thread was automatically locked due to age.
  • The User Portal port can be changed under System > Administration > Settings.
    Unfortunately I don't believe you can change the SSL VPN port.
  • If it's using port 443, won't that conflict with any WAF profiles you create on the same IP using HTTPS? If so, then SSL VPN port configuration needs to be enabled ASAP.

  • Please urgently "fix" this as many customers dont use 443 for the ssl vpn connections
  • Hi,

    Under System > Administration > Settings
    Change the "User Portal HTTPS Port" port, this port too will be used for SSL VPN remote connection.

    __

    Analyst at Tecnomega
    Cyberoam Certified Network & Security Expert (CCNSE)

  • Hi Carlos, unfortunately you are wrong. The XG uses TCP 8443 per default for SSL VPN. (Verified via TCPdump.) The User Portal SSL Port configuration has no impact in that.

  • Hi, MarcBorgers

    Yes, the same port defined in System > Administration > Settings > "User Portal HTTPS Port" :)
    Changing it, will impact in VPN config :) .. Try it

    __

    Analyst at Tecnomega
    Cyberoam Certified Network & Security Expert (CCNSE)

  • I have checked it. (System > Administration > Settings > User Portal HTTPS Port) This function is not equal to the Cyberoam configuration. Sophos use it for their User Portal and not for the SSL VPN as shown under KB1775 ( http://kb.cyberoam.com/default.asp?id=1775 ) The Sophos XG configuration site looks familiar to the Cyberoam configuration site, but the function seems to be different. I have tried 5 different port configurations and the created SSL VPN Profile (downloaded on the User Portal Site) still contains TCP 8443. So I've found my own workaround...

    Add a new rule of type Business Application Policy.
    Set application template to "Non-HTTP Based Policy".
    Give it a name.
    Set your source host to any.
    Under Hosted Server: Set source zone to "WAN"

    Under Protected Application Servers: Set protected zone to LAN
    Set protected application server to the LAN IP of the XG.
    Do not forward all ports.

    Under Port Forwarding: Set your protocol to the SSL VPN value.
    External port type is port.
    External port is 443
    Mapped port type is port as well.
    Set your internal port to 8443.

    Under Policies for Business Applications: Set Intrusion Prevention to "WAN to LAN"

    Finaly open the VPN SSL Configration File with notepad and change the SSL port to 443.

    Done...

  • This is not a viable option for anything larger than 2 people. Another need for this is guest wireless networks blocking non standard ports. That "change the SSL VPN port" field needs to be re added preferably as soon as possible.
  • Hello, is there a way to change the port ? In the road map maybe?