OpenVPN Protocol Connection to LAN Device

Hi all,

I am hoping I can find some help here in relation to an issue that my company is having with a third party attempting to connect to their device on our network. The machine in question is on our LAN and has a static IP address. However, the supplier of the machine is based in a different country and cannot connect to the machine since we upgraded from a UTM to an XG firewall recently. I'm finding my way around the new XG but I have run into an issue with their request for access.

The bottom section of the image below "New Configuration" is the connection configuration that the machine suppliers require in order to gain access to the device.

On the XG (Web --> Exceptions) I have created a rule for the server names and IP addresses:

I have also created an entry in 'Rules and Policies' that allows access through port 10000:

I am open to correction on the above but I believe I have created the rules correctly.

However, I am completely at a loss as to how to add the OpenVPN Protocol to the XG that would allow the machine suppliers access to their device. Or whether their request is even possible on the XG?

I have set them up with a connection to a computer on our LAN using both SSL VPN and using Bookmarks with a User Portal login but neither are sufficient for them - they require the connection to the machine exactly as they describe.

Any help or advice would be greatly appreciated.

Kind Regards,

Niall Corcoran

  • Hello Niall,

    Thank you for contacting the Sophos Community!

    The service you created "GEA Port Numbers" is incorrect. Source Port should always be the default 1:65535, and Destination Port should be the port they are asking you to use for the device.

    You can also check in the Live Log by Filtering by the IP of the device on your LAN that is being blocked.

    Also if you create a Firewall rule like the following:

    Source Zone = LAN, Source Network and devices = IP of the Computer

    Destination Zone = WAN, Destination Network = ANY, Services = ANY

    Does it work?

    Regards,

  • Hi Emmanuel,

    I have made the suggested changes and will inform the device manufacturer and revert back. Do you know if the OpenVPN protocol is automatic, as I believe that might also be where there is an issue with the connection?

    Thanks of course for your feedback, regards,

    Niall Corcoran

  • Hello Niall,

    I am not sure what they refer to as OpenVPN Protocol, other than it uses UDP and TCP, so maybe they meant to have UDP and TCP allowed. 

    Regards,

  • Hi. Thanks for the reply and apologies for the late answer. I have no luck so far but I am beginning to suspect it might not be our firewall that is the issue. I have some engineers coming on-site next week so hopefully they will be able to diagnose if there is an issue on their machine.

    Thanks again.

    Niall Corcoran
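A way to settle the question left open at the end of the thread (is it the firewall, or the supplier's machine?) is to probe the OpenVPN server from the LAN device itself, at the protocol level rather than just the port. The script below is an added example written for this page, not code from the thread or from Sophos. It assumes, as Emmanuel's LAN-to-WAN rule implies, that the device is an OpenVPN client that must reach the supplier's server on destination port 10000 (source port left at 1:65535), and it assumes the server does not use tls-auth/tls-crypt; with those options an unauthenticated probe is dropped silently, so "no reply" would not prove the firewall is blocking it, while a parsed HARD_RESET_SERVER_V2 reply does prove the path is open. The hostname and port on the command line are placeholders; the sample server reply is constructed for offline testing.

```python
"""OpenVPN reachability probe: send the client's first handshake packet
(P_CONTROL_HARD_RESET_CLIENT_V2) over UDP or TCP and check whether the
server answers with P_CONTROL_HARD_RESET_SERVER_V2 acknowledging our session.

Added example for the Sophos Community thread; assumptions: the LAN device
is the OpenVPN client, the server listens on the port the supplier gave
(10000 in the thread), and no tls-auth/tls-crypt is in use (otherwise the
server ignores unauthenticated packets and this probe times out).
"""
import os
import socket
import struct
import sys

P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_hard_reset_client(session_id: bytes = b"", key_id: int = 0) -> bytes:
    """First packet an OpenVPN client sends: opcode/key_id byte, our 8-byte
    session id, an empty ack array (length byte 0) and packet id 0."""
    if not session_id:
        session_id = os.urandom(8)
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    header = (P_CONTROL_HARD_RESET_CLIENT_V2 << 3) | (key_id & 0x7)
    return bytes([header]) + session_id + b"\x00" + struct.pack("!I", 0)


def parse_server_reply(data: bytes, our_session_id: bytes) -> dict:
    """Decode a control packet. The reply is 'ok' only if it is a
    HARD_RESET_SERVER_V2 whose remote session id echoes the one we sent."""
    if len(data) < 10:
        raise ValueError("packet too short for an OpenVPN control header")
    opcode, key_id = data[0] >> 3, data[0] & 0x7
    server_session = data[1:9]
    ack_count = data[9]
    acks, off = [], 10
    for _ in range(ack_count):
        acks.append(struct.unpack("!I", data[off:off + 4])[0])
        off += 4
    remote_session = b""
    if ack_count:  # remote session id is only present when acks are present
        remote_session = data[off:off + 8]
        off += 8
    packet_id = struct.unpack("!I", data[off:off + 4])[0]
    ok = opcode == P_CONTROL_HARD_RESET_SERVER_V2 and remote_session == our_session_id
    return {"opcode": opcode, "key_id": key_id, "server_session": server_session,
            "acks": acks, "remote_session": remote_session, "packet_id": packet_id, "ok": ok}


def sample_server_reply(client_session: bytes, server_session: bytes = b"\x11" * 8) -> bytes:
    """Constructed fixture in the shape a server sends back: opcode 8, its
    session id, one ack of our packet id 0, our session id, packet id 0."""
    return (bytes([P_CONTROL_HARD_RESET_SERVER_V2 << 3]) + server_session + b"\x01"
            + struct.pack("!I", 0) + client_session + struct.pack("!I", 0))


def probe_udp(host: str, port: int, timeout: float = 3.0):
    """Return the parsed reply, or None on timeout (blocked, filtered, or tls-auth)."""
    sid = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_hard_reset_client(sid), (host, port))
        try:
            data, _ = s.recvfrom(2048)
        except socket.timeout:
            return None
    return parse_server_reply(data, sid)


def probe_tcp(host: str, port: int, timeout: float = 3.0):
    """Same probe over TCP, where every OpenVPN packet carries a 2-byte big-endian length prefix."""
    sid = os.urandom(8)
    pkt = build_hard_reset_client(sid)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(pkt)) + pkt)
        hdr = s.recv(2)
        if len(hdr) < 2:
            return None
        need, data = struct.unpack("!H", hdr)[0], b""
        while len(data) < need:
            chunk = s.recv(need - len(data))
            if not chunk:
                return None
            data += chunk
    return parse_server_reply(data, sid)


if __name__ == "__main__":
    # Usage from the LAN device: python openvpn_probe.py <supplier-host> 10000 [tcp]
    host, port = sys.argv[1], int(sys.argv[2])
    result = probe_tcp(host, port) if "tcp" in sys.argv[3:] else probe_udp(host, port)
    if result is None:
        print("no reply: traffic blocked/filtered, or server uses tls-auth/tls-crypt")
    else:
        print("server handshake %s (opcode %d)" % ("OK" if result["ok"] else "unexpected", result["opcode"]))
```

Run it once with the XG rule in place and once with it disabled: a reply that parses as opcode 8 shows the firewall passes the traffic and any remaining failure is on the machine or the supplier side; a timeout in both cases points at the supplier's server configuration rather than the XG, which the Live Log filtered by the device's IP can confirm.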