Sophos XG V18.5.380 MR2 - Base License only. Unable to access Admin Page via WAN after Upgrade

Question

Hey. 
 Have recently upgraded several Sophos XG units to V18.5.380 (MR2). 
 On all my units I have the Admin page available on the WAN, and it is using a different port than the standard 4444 
 On the units which have a valid X-Stream Protect License, this is all fine. 
 
 I have 2 units at separate sites (XG125) which do not have an X-Stream License. They only have the default base license (expired and upgraded) On both of these units after the upgrade to 18.5.380(MR2) I can no longer access the admin pages via the WAN. 
 Opening the browser and I get returned (Forbidden, Access is forbidden to the requested page) 
 Downgrading one of the units back to 18.0.6 and the access to admin pages via WAN works fine. 
 Access to the Admin Pages Via WAN works fine in 18.5.326(MR1) 
 The unit is still accessible from the LAN interface when running 18.5.380(MR2)

GavinDaniels · Accepted Answer

Hey, 
 Was working with support regarding this, and the issue has been located. 
 It is to do with a pending compulsory password reset on the admin account. 
 
 Basically looking to get some diagnostic logs, and logging into the console was rejecting the password. So Logging into the firewall from the LAN side and checking the password and the Sophos responded wanting a compulsory password reset for the Admin Account. 
 After completing the password reset, I was able to SSH into the unit, and also the WAN access to the Admin Interface began working also. 
 
 I have tested this with a second unit showing the same issue, and the result was the same. 
 
 So something updated in 18.5.2 will stop the WAN access to the admin page, and deny SSH access if there is a compulsory password reset for the admin account.

Sophos XG V18.5.380 MR2 - Base License only. Unable to access Admin Page via WAN after Upgrade

Top Replies