Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 6598 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

selection of SSL VPN listening interface

Mykhailo Karvatskyi

I have Sophos XG210 (SFOS 17.1.3 MR-3) with WAN1 and WAN2 interfaces. Both WAN1 and WAN2 belong to zone WAN. WAN1  is much faster then WAN2 and I'd like to know if there's any way to force SSL VPN users go through WAN1 only when accessing our internal resorces without dropping packets for WAN2? 



This thread was automatically locked due to age.
Parents
  • 0

    You can also change the IP/Hostname that you would like to connect, but the downside is not been able to connect if the defined link is down (if configured by IP). You can workaround by using a DDNS. If the WAN definied went down, you change the DDNS to connect in another WAN.

    Change VPN Settings:

    • Configure > VPN > Show VPN Settings > SSL VPN > Override Hostname

    Configure DDNS:

    • Configure > Network > Dynamic DNS

     

     

    Before the changes:

     

    After override IP:

    After override DDNS:

  • 0 in reply to rafaelmicrotron

    This does work if you want to use a single IP or host name, but if you'd like to leave multiple entries in the configuration file, you can't edit that list. It's either a random order of all interface IPs, which seems like a dumb default, or it's the one host name you configure. This needs to be customizable incl. the order of interfaces to put in the config file imo.

Reply
  • 0 in reply to rafaelmicrotron

    This does work if you want to use a single IP or host name, but if you'd like to leave multiple entries in the configuration file, you can't edit that list. It's either a random order of all interface IPs, which seems like a dumb default, or it's the one host name you configure. This needs to be customizable incl. the order of interfaces to put in the config file imo.

Children
No Data