SSL VPN Setup - New Guy Here

This is my first post here, so go easy on me!

I've inherited a network job (on top of all the other stuff I do... stop me if you've heard this before) and I am getting along pretty well so far. EXCEPT for setting up an SSL VPN. I can connect to the VPN but I can't reach anything on the LAN. I'm sure it has to do with firewall rules or maybe host IP settings, but I just cannot figure this out. I've followed this and this and it has gotten me, what feels like, tantalizingly close.

Here is what I am looking for: I need to be able to connect to my 55 remote offices via VPN for troubleshooting and support reasons. None of our users need to use VPN to connect to their offices. This is purely for an administrative purpose to support 55 offices that are, in some cases, 4 hours away. This also raises the question of if I should even be using the SSL VPN and instead be using the SD-WAN Connection Groups feature within Central. That is also something that I have tried to set up but have failed in.

I will take whatever help I can get. I am sure there is a lot of information that I have left out so if there is something I need to provide just ask. I am very new to networking and, obviously, new to firewalls like this. I appreciate your time in reading this!

-Ted



  • So let's rephrase this: You are a customer and you want to connect your sites to your Client? 

    I would recommend connecting all sites to one / two HQ offices and then SSLVPN to this HQ. 

    It would be a pain to create 55 SSLVPN profiles to do this. 

  • Ya, it definitely isn't the best solution for once I am done with this rollout. It is more of a learning thing for me right now. I feel like I am very close to getting it working. That said:

    Here is where I stand right now. I have a functioning SD-WAN connection group set up via Central where each firewall's LAN zone is the shared resource. I need it set up this way so that when I am connected behind one of my firewalls I can hit IP addresses (web admin portals for various things) on remote networks. I set up the SD-WAN connection group to be restricted to when I am authenticated using the Sophos Authentication Client for all firewalls in the group. So, when I am behind one of my firewalls I can hit the remote firewall admin pages, user portals, network-connected copiers, etc. I can't see other computers on remote networks, but that isn't a real problem right now. It is, for the most part, working the way I need it to from an administrative point of view.

    What I am hoping to be able to do is get the SSL VPN working to my office's firewall for when I am away from one of my offices altogether, or at home. I'd like to hop onto the SSL VPN into my office and then once I am connected to that, the SD-WAN connection will allow me to reach everything else. Is that achievable?

  • Any thoughts on being able to SSL VPN into the firewall in my office that is a part of that SD-WAN connection group? Would doing that allow me to get to the rest of my devices? I've tried setting it up that way but once my office's firewall was a part of the connection group it stopped taking my VPN user credentials. Could have just been a coincidence.

    Thanks, LuCar!
