
Getting Sophos to work in VM

My setup is as follows:

2x vNICs in VM, "Bridged" and "Host..", on Sophos. "Bridged" is only for WAN access eventually (if I can get it to work).

1x vNIC on same VM host subnet for map sharing tog VPN.

Installed Sophos ISO, and changed 172.16.16.16 IP to that from VMware (host only (172.16.253.x)). It took me ages to realize, first off, that no matter what, I couldn't change the VPN range on Sophos from 10.0.x to 172.x (aka bring it into the same range, and then I realized later I guess that could be for security reasons, so I just left it "as is"), you know, just to make the network simpler instead of doing it over multiple ranges.

Configured CA, VPN/user and firewall rules, and downloaded Sophos client.

Testing from within LAN on this 2nd VM, I connect via client okay, it shows up under "Current Activities" on Sophos.

However, because I'm physically on the LAN, I don't think I could use the same "trick" to go over WAN... (e.g. browse to external IP on purpose/user portal, and try downloading and connecting that way (unsure if routing will loop back, or if it would just "assume"

In any case I got LAN to work... Now comes the hard part... Realising and testing OpenVPN on iPhone was a total waste, *for now* I wanna try and connect WAN side... What ports do you need to forward? Are they the same ones regardless of connection method? Whether you use SSL Remote or ovpn config?

I actually logged into my friend's Sophos and downloaded HIS .ovpn. Comparing his and mine in a text editor may have pinpointed the issue.

At the bottom of his, he has "remote = <public IP address>" added in addition to the usual LAN address which I have... But I'm missing the WAN IP from my config.

I think this could be the problem, and if I just add it to mine and save, Sophos won't connect... (again, presumably I need to sort out the WAN thing first...)

I can access the portal using the WAN IP no problem, but I'm still uncertain because I am physically on the LAN, if you know what I mean.

I'm close... but I could use some suggestions.

I've looked in Log Viewer but it's either useless, or everything must appear fine, because there are no entries at all... which probably assumes it's not even making it.



  • Did you use override hostname in the VPN Config tab? This will give you the option to define an IP or a DNS for the WAN interface of XG.

    If not, XG will simply try to figure out which IP is used.

    Did you also register the appliance? 

  • It worked... it connected fine and mapped OK (I'm assuming routes are all working as there are no errors in the log of the Sophos client), so I mapped 10.0.x.x... so I'm assuming it will be OK when done physically from outside.

    Now, I need to get it to work with OpenVPN. Which ports are needed to forward? I have not registered the appliance yet as I'm only using it as a test.

    I have 1194 open, however what's strange is only port 8843 is showing as "open". HTTPS and port 1194, which I also forwarded to the same server, report as "Closed" from port checkers online.

    How can I access the user portal from my own external IP over HTTPS if 443 incoming was closed? Yes, I am inside the LAN, but I'm typing my external IP. Perhaps this is why I need to be outside? *shrugs*

    In any case, what ports are needed for OpenVPN? Then my mate will check, or I can use the iPhone (cellular with OpenVPN Connect).

  • The registration is required to get SSLVPN working. The registration will generate a CA with the needed information. This CA is used to generate the certificates of SSLVPN. Therefore you cannot change anything in SSLVPN (like the IP range you described earlier). The firewall prevents you from changing anything until you register it.

  • OK thx, I registered, but I thought it was 90 days, not 30... oh well... that's still plenty of time.

    I hit a "stop-gap" with port forward issues I need to sort out first... It's a hit-and-miss approach where some ports are closed one minute, open the next, so I need to resolve that first.

    I think that's the only thing now. Thx.

  • Basically you need the user portal to download the config. This port is set up in Administration.

    Then you need the port of SSLVPN itself, configured in VPN settings.

  • Firewall config rules were round the wrong way.. working :)

    Log viewer never logged them. If it did, I may have been able to solve it sooner. It never got to the firewall, but if it denied access I expected to see from <ip>
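
The check the thread arrives at by comparing two .ovpn files in a text editor, as an added example that is not part of the original thread or Sophos's own tooling: list each `remote` line of a downloaded profile, flag the ones that are RFC 1918 (LAN-only) addresses, and report which port/protocol pairs the remaining remotes expect to be forwarded. The sample profile, its addresses, hostname and port 8443 are constructed; `remote host [port] [proto]` is the standard OpenVPN directive form, with 1194 and UDP as OpenVPN's defaults.

```python
import ipaddress

# RFC 1918 ranges; the thread's 172.16.253.x host-only network and 10.0.x.x
# VPN range both fall inside them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample profile (addresses, hostname and port 8443 are illustrative).
SAMPLE_OVPN = """\
client
dev tun
proto tcp
# address the firewall picked on its own
remote 172.16.253.10 8443
remote 203.0.113.25 8443
remote vpn.example.test
"""

def remote_entries(ovpn_text):
    """Return (host, port, proto) for every 'remote' directive."""
    rows = [ln.split() for ln in ovpn_text.splitlines()
            if ln.strip() and ln.lstrip()[0] not in "#;"]
    # A global 'proto' line applies to remotes that do not name their own.
    proto = next((r[1] for r in rows if r[0] == "proto" and len(r) > 1), "udp")
    return [(r[1],
             int(r[2]) if len(r) > 2 else 1194,   # OpenVPN default port
             r[3] if len(r) > 3 else proto)
            for r in rows if r[0] == "remote" and len(r) > 1]

def classify(host):
    """'private' for RFC 1918 literals, 'public' for other IPs, else 'hostname'."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"   # not resolved here; check what it resolves to
    return "private" if any(addr in net for net in RFC1918) else "public"

def wan_usable(ovpn_text):
    """Remotes a client outside the LAN could reach, i.e. not RFC 1918 literals."""
    return [e for e in remote_entries(ovpn_text) if classify(e[0]) != "private"]

def ports_to_forward(ovpn_text):
    """Distinct (port, proto) pairs the WAN-side remotes expect to be open."""
    return sorted({(port, proto) for _, port, proto in wan_usable(ovpn_text)})

if __name__ == "__main__":
    for host, port, proto in remote_entries(SAMPLE_OVPN):
        print(f"{classify(host):8} {host}:{port}/{proto}")
    print("forward:", ports_to_forward(SAMPLE_OVPN))
```

A profile for which `wan_usable` returns an empty list only works from inside the LAN, which matches the symptom described in the first post.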