internal access to wan IP (dynamic DNS)

Khaled,

can you share some screenshot of your configuration?

Thanks.

i can access everything from outside, only from internal i can't access using the wan ip or dynamic dns 

Morning Ian,

Have changed the settings as below , please let know if anything else needs to checked or unchecked to keep it more secure.

Yes, i had used GUI for configuring Admin Access , initial Admin password was given when during initial OS install , after which i have changed it via GUI

Appreciate your help

Regards

Raju George

Hi Ruka,

if you want to access your XG internally using the FQDN you will need to create a DNS host entry in the network tab using the FQDN but using the internal address and do not tick the publish on wan box.

Ian

Hi Ian,

Thanks for your reply , i had this configured initially but Publish on WAN was ticked , please advise what are the differences on having ticket and unticked ( have unticked it as per advise )

Also im wanting to access this FQDN while im on different network , for eg : at Office ,internally it works fine  :443 for user portal but not :4444 for Admin portal , need to use https://192.168.1.150:4444 when on internal network

Also should i be using Port IP or NAT'ed Public IP , please refer to below screen

Appreciate your assistance as always

Regards

Raju

Hi Ruka,

if you tick advertising on WAN you are posting your internal address on the WAN, not advisable.

The internal lookup should look a bit like this, part of the shot has been cutoff.

When using the dynamic DNS you should be using your external interface and preferably with its FQDN and I assume you have registered it with the Sophos DNS?

Ian

Hi Ian,

Thanks for your reply ,when i ping FQDN which is registered with Sophos DynDNS i get public IP 14.201.88.67

But when i try to access admin portal with :4444 i get below error

Is this because Sophos DynDNS is a free service and works only to for accessing user portal 

Appreciate your help

Also just for curiosity , are you able to access your Admin portal from a different network

Regards

Raju

Hi Ruka,

what do you mean admin portal?

I have disabled my external access because it is a security risk, I use the Sophos CM if I want to access my XG which is free with 7 days of reports data stored.

The Sophos DNS has no idea about what you are using the connection for, it provides an IP address for a requested URL if the URL is registered with the Sophos DNS.

There is something wrong with your connection that is causing the XG not to respond on port 4444.

Ian

Hi Ian,

Thanks for your message , what i meant by admin portal is admin console ,please refer below

Will try to change port 4444 to something else and test if that works

Thanks for your help and apologies for the delay in replying

Hi,

don't change the GUI port, try logging into eh XG GUI using the external IP address of your XG.

Ian

Hi Ian,

Thanks for your reply , tried external IP  , which is https://14.201.88.67:4444 

Still no luck on port 4444 but 443 works fine for accessing User portal

Accessing User portal works both on Chrome and Firefox

On a side note , able to access Admin console when connected to either Sophos Connect or SSL VPN but by using Port 1 or Port 3 LAN Interface IPs

Not sure what else to be looked at

As always appreciate your time and effort

Regards

Raj

Hi Ruka,

did you try usingg the external access from a different site?

Ian

Hi Ruka,

did you try usingg the external access from a different site?

Ian

I would suspect that port 4444 is being blocked by TPG.

Ian

Hi Ian,

Thanks for your reply, tried using my mobile phone

same results , able to access user portal but no luck with accessing admin portal

tried both external IP and FQDN with :4444 

Without port number takes me directly to user portal thou

Appreciate your cooperation

Thanks

Raju

Thanks Ian

I too feel that now, would changing the port number on Device Access the only thing that needs to be done or is there any other place we need to update port number

Thanks

Raju

Setup an account on the Central management site and then link your XG to it, then you don't need to use the external interface access.

Ian

Thanks Ian

I will try that route then

Appreciate your help

Regards

Raju

Hi Ian ,

Just fyi , access to admin console from WAN is working now , guess adding port forwarding on my modem/router did the trick

It was suggested by Saleem another Sophos community member

Once again appreciate your help , also i will go the CM route since its more secure rather exposing WAN side

Regards

Raju George

Hi Raku,

my answers were based on the assumption that your modem/router is in bridge mode. The result of your modem/router being in route mode is you have double NAT which makes debugging difficult.

Ian

Thanks Ian

Apologies , i was not sure if the bridge mode or router mode would be linked to this issue , below is the current setting on my TP Link Router , which i will be removing soon and connect Sophos XG directly to NBN FTTN NTU

Once again appreciate your help

Have a good day 

Regards

Raju George

Hi Raju,

if you had to add ports on it to allow access to your XG then it was in router mode.

Ian

Fixed spellchecker errors.

Hi Ian,

I quite did not get you on the above statement.

At the moment i have mini PC ( Sophos XG installed ) with four ports. 

Port 2 connected to TP Link Modem/Router , which is connected to TPG NBN NTU

Port 1 and Port 3 on mini PC is used for LAN

I'm thinking of taking out TP Link hardware from the above config and connect Sophos XG directly to NBN NTU , and provide the TPG PPPoE details

Please advise if this is the right way

Thanks

Raj