
Unable to connect to Supermicro IPMI web interface in LAN and VPN

I connect via the SOPHOS XG firewall to my Supermicro server X9SCM through VPN. Connecting to the server is fine. The firewall is our gateway, static IP 192.168.190.1.

The server has DHCP (Windows 2016), segment 192.168.190.50-150.

INTERFACES: Port1 and WiFi are bridged to WLANLAN, but WLAN is set to off; PORT2 is WAN.

I can't reach the built-in IPMI device locally or over VPN when I try to connect to the web interface of the IPMI. But it is possible to reach the IPMI (192.168.190.19, static) through ping or the Supermicro IPMIView tool.

Ping 192.168.190.19 fails from SOPHOS Diagnostics when sent through PORT 1 or PORT 2, but succeeds over the interface WLANLAN (bridge Port 1/WiFi Privprax).

I suppose the firewall is blocking the traffic to the web interface in the local LAN and VPN. I tried to make a business rule according to community.sophos.com/.../122976 and a firewall rule, called IPMI3 (business DNAT) and IPMI (network rule) respectively. But I didn't succeed until now. What can I do to access the web interface of the IPMI device over VPN and locally in the LAN?

When I try to connect to IPMI over VPN I get the picture attached.



This thread was automatically locked due to age.
  • Seems like the rule you are trying has a web proxy active?

    First of all, use the policy test to find the matching firewall policy. Business Application would only be necessary if you want to DNAT it through XG. But this should be accessible via firewall.

    Then check and try to disable checks. 

    Or build a new rule: LAN/VPN to Server IP without checks. Does it work? 

  • Thanks for your advice Tony. OK, the business rule was disabled. A VPN-to-LAN rule was created and tested in the policy test against the IP of the IPMI device, 192.168.190.19. Seems to be fine.

    But I'm still getting the same image as in my post above over VPN: "Website not available. The website you requested cannot be accessed. It may work if you try again later." (SOPHOS logo)

    If I try to access the IPMI web interface on the LAN directly on the server, it says site not found. IPMIView and ping are OK.

    I have a clone of the same server at home (backup) but without the Sophos firewall; there the IPMI web interface is reachable in the LAN. So it must be a firewall issue.

    Any other idea?

  • Try to switch the Proxy point from Allow all to none. 

    Can you post a screenshot of your firewall policy?

  • Hi lucar,

    In the VPN rule I have created the IPMI destination IP 192.168.190.19 (static IP, built-in Supermicro device in the server) and the service with the same name. I'm not certain what you mean by the proxy point. The firewall is the gateway 192.168.190.1 / WAN goes to LAN Port 2 (router/telephony segment 46.14.x.xxx), LAN Port 1 is for the internal LAN in the segment 192.168.190.50-150 controlled by the Windows 2016 Server (static 192.168.190.20) DHCP for the clients. There is also a bridge interface WLANLAN to allow the WLAN (PRIVPRAX) to contact the internal LAN, but the PRIVPRAX WLAN is turned off.

    What would be the proxy point?

    Through VPN I can reach my server and start RDP, but not the IPMI device. The IPMI is pingable in the LAN (CMD), but I can't reach the IPMI web interface 192.168.190.19 in either LAN or VPN.

    Thanks in advance

    Vento