Outgoing SSL-VPN Connection blocked by (Allow all) Webfilter

Question

Hi, 
 
 i've got an issue with an SSL VPN Connection to my Brothers Sophos XG. 
 
 I have my own Sophos XG installed and now trying to connect to my Brothers Sophos XG via SSL-VPN Port 443. 
 The traffic is blocked on my side at some point and i tried to figure out where, so i created a new Rule without any Filters / Policies / AV etc. 
 It turned out, that as soon as i use a Webfilter, no matter which one, even "Allow all" or "Default Policy" is working. Only if i use "None" the VPN works fine. 
 
 Both XG are on the latest Version SFOS 18.0.5 MR-5-Build586 
 
 I hope anybody can help me here. 
 
 Greetings 
 
 Robert

Prism · Accepted Answer

Hello, 
 Are you trying to connect with your brothers XG through the built-in SSLVPN of the Firewall? Or with OpenVPN on a separate machine? 
 By default any traffic that isn't TLS or it's invalid at Port 80/443 - will be blocked if a Web Policy is in place, It will show as "Invalid" on the Log Viewer. That's why when you disable the Web Filter It connects through without any issues. 
 Note: Since both Firewalls are XG you could setup a RED Tunnel, It will be much better and faster than SSLVPN. 
 Thanks,

Prism · Answer

Yes, RED is available for the Home License. 
 RSK said: would it help to setup the SSL VPN to another Port then 443? Something like 8443 / 10443 
 Depending on the scenario, yes.

Outgoing SSL-VPN Connection blocked by (Allow all) Webfilter

Top Replies