Clientless Access VPN - BUG

Question

Hi,

I have an internal website that my external workers have been accessing via the portal (VPN > Clientless Access). As of yesterday my remote workers can't access pages correctly. I've restarted Sophos XG and the Server. I've noticed in the Log Viewer the following...

Log Comp: SSL VPN

Status: ALLOWED

Username: My Username

Message: Use "My Username" was allowed access of the HTTP resource http://images/logo.jpg

Is this correct? Does the IP address of the internal server need to be prefixed? Eg. http://10.12.44.10/images/logo.jpg

The portal website sometimes displays the page poorly or not at all and I can see the following source code...

The URL for this blank white page is = https://myexternalip/userportal/CRSSL/http/ClientLogin.aspx

The source code for that page is...

"<!--#set var="TITLE" value="SSLVPN User Portal Error:"

-->

"

Please can you help or throw any suggestions my way? Many thanks

EDIT: The first page kind of works. There's no neat formatting or styling. However I can see text. The URL displays the following...

https://externalip/userportal/CRSSL/http/10.12.44.10:8181

When I click any link, a white page appears and the URL changes to https://externalip/userportal/CRSSL/pagename.aspx

It's not prefixing the URL and therefore nothing is displaying correctly. Please can others check this to see if it's just me :)

Many thanks

This thread was automatically locked due to age.

sachingurung · Answer

Hi Phil, 
 The issue is associated to NC-10370. We are still waiting for the final fix and the next ETA for the fix will be with 16.05 MR2. 
 Thanks

sachingurung · Answer

Hi All, 
 This is a known issue. Here, the access to HTTP/s bookmarks to web servers, which contains JavaScript based dynamically generated URLs, is not possible. 
 The workaround to this issue is to use a full tunnel configuration with SSL VPN instead of clientless VPN access. 
 Thank You

sachingurung · Answer

Hi All, 
 I want to update about the issues related to Clientless VPN access, there are two reported NC-ID associated to this issue. 
 
 NC-13570 - This is resolved in v16.05 MR-5. The bookmarks didn't resolve properly which was caused due to "Restrict Web Applications". When it is ON, it will only allow URLs which have same domain as given in URL of bookmark. It won't allow sub domains which are used in that website. To allow this sub domains, user has to mention "Referred Domains" while creating bookmark. There was an issue in the match condition which is not fixed. 
 NC-10370 - This issue is a known behavior and the NC-ID is closed. When the URLs are generated dynamically at client side(Web Browser), then the code is not possible to rewrite. If you feel that this is not technically correct then let us know why and I would also request you to push your support case and ask for answers from the development team. 
 
 Thanks

PhilHalford1 · Answer

Woohoo!! It's working! I can now publish internal pages via the SSL VPN. 
 Thanks for fixing it. 
 I'm running firmware version SFOS 16.05.8 MR-8