This discussion has been locked.

SSL VPN Listens on all Interfaces???

Hello Everyone,

Recently, with the release of 17.1, I was happy to see the ability to change the SSL VPN port. I decided to take the plunge and move to XG. After a few hours of configuration and getting everything up and running, I changed my SSL VPN port to 443, as most of us prefer. I then noticed that, no matter the interface/alias IP, port 443 is now used on every single interface, and I can no longer use a second WAN port/static IP to forward 443 traffic to an internal web server or even use Sophos XG WAF on 443. I continue to get the error "Port already in use". I then decided to take a look on the Advanced shell and noticed 2 things: 443 is bound to all interfaces (netstat), and when I look at the openvpn.conf file it also shows that openvpn (SSLVPN) binds to all interfaces on 443. Does anyone here know of a workaround, or why Sophos doesn't let us choose the port to bind to like they did in UTM?

Thanks!

EDIT: created feature request as mentioned below: ideas.sophos.com/.../34668685-vpn-ssl-interface
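
The condition described in the post above (an openvpn.conf with no `local` directive, so the listener takes the port on every address) can be checked from the config text itself. This is an added example, not part of the original post and not Sophos code; the sample configs, the 203.0.113.x addresses and the helper names are constructed for illustration.

```python
# Added example: report the listener scope an OpenVPN server config produces.
DEFAULTS = {"port": "1194", "proto": "udp"}  # OpenVPN defaults when unset

def parse_listener(conf_text):
    """Extract bind address, port, transport and port-share target."""
    seen = {}
    for raw in conf_text.splitlines():
        # '#' and ';' start comments in OpenVPN config files
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        key = key.lstrip("-")
        if key in ("local", "port", "lport", "proto", "port-share") and args:
            seen[key] = args
    port = (seen.get("lport") or seen.get("port") or [DEFAULTS["port"]])[0]
    proto = seen.get("proto", [DEFAULTS["proto"]])[0]
    share = seen.get("port-share")
    return {
        "bind": seen["local"][0] if "local" in seen else None,  # None = all interfaces
        "port": int(port),
        "transport": "tcp" if proto.startswith("tcp") else "udp",
        "port_share": (share[0], int(share[1])) if share and len(share) >= 2 else None,
    }

def overlaps(listener, address, port, transport="tcp"):
    """True if another service on address:port would collide with the listener."""
    if listener["port"] != port or listener["transport"] != transport:
        return False
    return listener["bind"] is None or listener["bind"] == address

# Constructed sample configs (not taken from a real XG appliance).
WILDCARD_CONF = """
# no 'local' directive: OpenVPN listens on every interface
port 443
proto tcp-server
dev tun
"""
SCOPED_CONF = """
local 203.0.113.10
port 443
proto tcp-server
port-share 127.0.0.1 4443   ; non-VPN traffic handed to a local web service
"""

if __name__ == "__main__":
    for name, conf in (("wildcard", WILDCARD_CONF), ("scoped", SCOPED_CONF)):
        lst = parse_listener(conf)
        print(name, lst, "blocks 203.0.113.20:443 ->", overlaps(lst, "203.0.113.20", 443))
```

With the wildcard config, any second service on TCP 443 collides regardless of which address it uses; with `local` set, only the named address is taken.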



  • Hey,

    In device access, only the WAN zone has SSL VPN checked off.

  • Hey Chris,

    Edited: For correction (see reply post)

    Please raise a feature request for the option of selecting which interface(s) to bind/enable SSL VPN to. I believe the local service ACLs will enable/deny the incoming connections based on which zone they arrive on; regardless, all the interfaces will still be listening for this SSL VPN port traffic.

    For the SSL VPN and WAF port conflict, I will also bring this issue up with our team for their feedback. I believe further investigation may be needed for this scenario as this should be possible with OpenVPN's port-share capability.

    Regards,