Can not use WAF because of 443/UDP on SSL VPN

Hello,

I configured WAF on a Sophos XG today; because of port 443/UDP for SSL I get a conflict. Where is the problem? It is not the same port ... on the WAF side TCP, on the SSL side UDP. Can anybody help me, please?

Best regards
Frank



This thread was automatically locked due to age.
  • Hello,

    Could you try changing your SSLVPN port and, instead of using UDP 443, maybe use UDP 8443 or 10443?

    This is the fastest way to have your SSLVPN and WAF working together, because I think Sophos cannot add a new feature to select a particular interface for SSLVPN this fast...

    Regards.

  • Hi Frank

    I missed the detail that you asked specifically about UDP.

     

    I checked this on a spare firewall and it should technically be possible to bind

    WAF: TCP/443

    SSLVPN: UDP/443

     

    As you can see both services only bind to either TCP or UDP:

    XG230_WP02_SFOS 18.0.1 MR-1# netstat -tulpen | grep 443
    tcp 0 0 xxxxxx:443 0.0.0.0:* LISTEN 0 12006865 17648/httpd
    udp6 0 0 :::8443 :::* 0 12008562 18010/sslvpn

     

    But as you noticed, the GUI will show an error message that it's not allowed to configure both services on the same port, even if they are technically separated by protocol.

    The solution would be that Sophos implements the ability to bind SSLVPN to one or more interfaces. It's important that they don't limit it to "1" interface, otherwise you lose the ability for client tunnel failover.
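
The point made in the reply above, that a TCP listener and a UDP listener on the same port number are separate sockets, can be checked against a listener table before moving a service. This is an added example, not part of the original thread and not Sophos code; the listener table is constructed, and `parse_listeners`, `check_plan` and `can_bind_both` are hypothetical helper names.

```python
import socket

# Constructed listener table in `netstat -tulpen` column layout (not output from the thread).
SAMPLE = """\
tcp  0 0 192.0.2.10:443 0.0.0.0:* LISTEN 0 1001 100/httpd
udp6 0 0 :::8443        :::*             0 1002 200/sslvpn
"""

def parse_listeners(text):
    """Return (transport, port, program) per row; tcp6/udp6 fold into tcp/udp."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # skip headers and unrelated lines
        port = int(f[3].rsplit(":", 1)[1])  # local address is the 4th column
        rows.append((f[0][:3], port, f[-1].split("/", 1)[-1]))
    return rows

def check_plan(planned, listeners):
    """A planned (name, transport, port) conflicts only if the SAME transport holds the port."""
    taken = {(t, p): prog for t, p, prog in listeners}
    result = {}
    for name, transport, port in planned:
        holder = taken.get((transport, port))
        result[name] = f"conflict with {holder}" if holder else "free"
    return result

def can_bind_both(host="127.0.0.1", attempts=5):
    """Bind TCP to a free port, then UDP to the same number; True if both succeed."""
    for _ in range(attempts):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t, \
             socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
            t.bind((host, 0))  # port 0: the OS picks a free TCP port
            t.listen(1)
            try:
                u.bind((host, t.getsockname()[1]))
                return True
            except OSError:
                continue  # that UDP number is held by another process; retry
    return False

if __name__ == "__main__":
    plan = [("sslvpn", "udp", 443), ("second-web-service", "tcp", 443)]
    print(check_plan(plan, parse_listeners(SAMPLE)))
    print("TCP and UDP share one port number:", can_bind_both())
```

Feed `parse_listeners` the real `netstat -tulpen` output from the appliance shell to check a planned port change against what is actually listening.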