Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 2438 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG V18.5.380 MR2 - Base License only. Unable to access Admin Page via WAN after Upgrade

GavinDaniels

Hey.

Have recently upgraded several Sophos XG units to V18.5.380 (MR2).

On all my units I have the Admin page available on the WAN, and it is using a different port than the standard 4444

On the units which have a valid X-Stream Protect License, this is all fine.

I have 2 units at separate sites (XG125) which do not have an X-Stream License. They only have the default base license (expired and upgraded) On both of these units after the upgrade to 18.5.380(MR2) I can no longer access the admin pages via the WAN.

Opening the browser and I get returned (Forbidden, Access is forbidden to the requested page)

Downgrading one of the units back to 18.0.6 and the access to admin pages via WAN works fine.

Access to the Admin Pages Via WAN works fine in 18.5.326(MR1)

The unit is still accessible from the LAN interface when running 18.5.380(MR2)



This thread was automatically locked due to age.
  • 0

    Do you have Central Management and this also resolve into access denied? 
    BTW: I would HIGHLY recommend not to open Webadmin to WAN. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hello LuCar

    The unlicensed unit does not have Central Management, and I have not tried with Central Management,

    While I do not have the WAN port open always, what I generally do is enable it when I am doing maintenance or VPN upgrades as a backup and then disable when works are complete.

    Which is how I have found that this has stopped working.

    Regards

    Gavin

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
  • 0 in reply to GavinDaniels

    Basically you can enable Central Management for all Appliances. Base License is sufficient for this. And you would have access to the webadmin as well. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hey LuCar,

    I'll look at this, and try it out. But I did have issues with Central Management the first time I did a device upgrade.

    But still the underlying issue of the Web Admin access not working needs to be addressed.

    Regards

    Gavin

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
  • +1

    Hey,

    Was working with support regarding this, and the issue has been located.

    It is to do with a pending compulsory password reset on the admin account.

    Basically looking to get some diagnostic logs, and logging into the console was rejecting the password. So Logging into the firewall from the LAN side and checking the password and the Sophos responded wanting a compulsory password reset for the Admin Account.

    After completing the password reset, I was able to SSH into the unit, and also the WAN access to the Admin Interface began working also.

    I have tested this with a second unit showing the same issue, and the result was the same.

    So something updated in 18.5.2 will stop the WAN access to the admin page, and deny SSH access if there is a compulsory password reset for the admin account.

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?