Outgoing SSL-VPN Connection blocked by (Allow all) Webfilter

Hi,

I've got an issue with an SSL VPN connection to my brother's Sophos XG.

I have my own Sophos XG installed and am now trying to connect to my brother's Sophos XG via SSL-VPN port 443.

The traffic is blocked on my side at some point and I tried to figure out where, so I created a new rule without any filters / policies / AV etc.

It turned out that as soon as I use a Webfilter, no matter which one, even "Allow all" or "Default Policy" is working. Only if I use "None" the VPN works fine.

Both XG are on the latest Version SFOS 18.0.5 MR-5-Build586

I hope anybody can help me here.

Greetings

Robert



This thread was automatically locked due to age.
  • Hello,

    Are you trying to connect to your brother's XG through the built-in SSL VPN of the firewall? Or with OpenVPN on a separate machine?

    By default, any traffic on port 80/443 that isn't TLS, or that is invalid, will be blocked if a Web Policy is in place. It will show as "Invalid" in the Log Viewer. That's why it connects without any issues when you disable the Web Filter.

    Note: Since both firewalls are XG, you could set up a RED tunnel; it will be much better and faster than SSL VPN.

    Thanks,
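Added example (not part of the original posts and not Sophos code): a sketch of why an OpenVPN-style SSL VPN handshake on TCP 443 fails a TLS-only check like the one described in the reply above. It assumes the VPN uses OpenVPN's TCP framing; the function names, verdict strings and sample bytes are constructed for illustration.

```python
import struct

# OpenVPN opcodes that open a session (upper 5 bits of the byte after the length prefix).
OPENVPN_RESET_OPCODES = {7: "HARD_RESET_CLIENT_V2", 10: "HARD_RESET_CLIENT_V3"}


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client bytes seen on a TCP/443 connection."""
    if len(payload) < 6:
        return "too-short"
    # TLS record header: content type (1), version (2), length (2); then handshake type (1).
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype == 0x16 and major == 0x03 and minor <= 0x04 and 0 < rec_len <= 2**14:
        return "tls-client-hello" if payload[5] == 0x01 else "tls-handshake-other"
    # OpenVPN over TCP: packet length (2), then one byte = opcode << 3 | key_id.
    (pkt_len,) = struct.unpack("!H", payload[:2])
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    # An initial hard reset uses key_id 0 and is a small packet.
    if opcode in OPENVPN_RESET_OPCODES and key_id == 0 and 14 <= pkt_len <= 2048:
        return "openvpn-hard-reset"
    return "non-tls-other"


def tls_only_verdict(payload: bytes) -> str:
    """Hypothetical model of a web policy that only accepts TLS on port 443."""
    return "allow" if classify_first_bytes(payload) == "tls-client-hello" else "invalid"


# Constructed samples (not captured traffic).
TLS_SAMPLE = bytes.fromhex("160301000501000001" "00")        # truncated ClientHello
OPENVPN_SAMPLE = (bytes.fromhex("000e38")                     # length 14, opcode 7, key_id 0
                  + bytes(range(8))                            # session id
                  + b"\x00"                                    # empty ACK array
                  + b"\x00\x00\x00\x00")                       # packet id
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("tls", TLS_SAMPLE), ("openvpn", OPENVPN_SAMPLE), ("http", HTTP_SAMPLE)]:
        print(f"{name:8} {classify_first_bytes(data):20} {tls_only_verdict(data)}")
```

The OpenVPN sample is rejected because its first byte is part of a length prefix rather than the TLS handshake content type `0x16`, which is the mismatch a TLS-only policy on 443 reports as invalid.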

  • Hi Prism,

    Thanks for your answer. Is RED available for the XG Firewall Home Edition?

    I will give it a try.

    If RED is not included in the license, would it help to set up the SSL VPN on another port than 443? Something like 8443 / 10443

    Greetings

    Robert

  • Yes, RED is available for the Home License.

    "would it help to set up the SSL VPN on another port than 443? Something like 8443 / 10443"

    Depending on the scenario, yes.

  • Changed it to 8443 and it worked just fine. Thanks

    I will also try RED just to learn something :)