Our office recently installed new Sophos hardware - moving from an old SG UTM to a new XG310. I'm still trying to get my head wrapped around the XG interface, which, as you probably know, is vastly different from the old SG UTM interface. So please forgive me if I'm missing something that should be obvious -- I'll get there eventually.
We were running the old version 18 MR-4 software, and it was working fine. We had SSL VPN set up so that our "road warriors" could connect back to the office network. Under MR-4, this was working well. I upgraded our XG310 to MR-5 last weekend, and quickly discovered that it "broke" our SSL VPN connections. I suspect this is due to the line in the release notes that says "Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)". I "fixed" the problem by rolling back to the MR-4 version, but I'd really like to get it working with MR-5.
I read through the "MR-5 Feedback and Experiences" thread, but I'm still somewhat confused. We have no web servers behind our firewall, just file servers and license servers. We do have the XG310 User Portal turned on, however, if that makes a difference. In the XG user interface, if I go to System Services > Services, in the "WAF" section, it says "No web server configured". So is the WAF still interfering with our SSL VPN connections? Can I (or should I) do something to disable WAF (if it's really true that we're not using WAF) so that SSL VPN can continue to work over TCP? Or is my only choice to switch SSL VPN to run over UDP instead of TCP (which doesn't seem like a good idea to me)?
Any suggestions or further explanation will be greatly appreciated. Thanks!
-- Bruce Giles
Sophos XG310, version 18 MR-4