Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 28 subscribers
  • Views 442 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Incorrect SSL Certificate shown when accessing internal Server from WAN on port 443

Marcus Cannon

I have a DNAT in place from WAN port to internal server on port 443 (HTTPS) for accessing to users workfolders. When you connect to external URL it gives out the sophos XGS 2300 appliance certificate instead of the ssl certificate installed on the server  so it fails to connect.

How do you let client see the real server SSL certificate and not the Sophos appliance certificate.

I have tried adding a firewall rule at the top that has no web policy and no https decryption.

I am moving from a Watchguard appliance to a Sophos XGS 2300, it worked fine on the watchguard



This thread was automatically locked due to age.
Parents
  • +1

    I would highly recommend not to still use DNAT for services in the year 2022. It will expose a service to WAN without any restriction, opening a much higher attack surface. 

    Think about ZTNA/VPN applications. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thats a very good point, many thanks for the advice, much appreciated, I am so used to doing things the old way, but as the users have VPN acces anyway they can access workfolders server from VPN.

    Thanks Toni

Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?