internal access to wan IP (dynamic DNS)

Khaled,

can you share some screenshot of your configuration?

Thanks.

i can access everything from outside, only from internal i can't access using the wan ip or dynamic dns 

Hi Ian,

Thanks for your reply ,when i ping FQDN which is registered with Sophos DynDNS i get public IP 14.201.88.67

But when i try to access admin portal with :4444 i get below error

Is this because Sophos DynDNS is a free service and works only to for accessing user portal 

Appreciate your help

Also just for curiosity , are you able to access your Admin portal from a different network

Regards

Raju

Hi Ruka,

what do you mean admin portal?

I have disabled my external access because it is a security risk, I use the Sophos CM if I want to access my XG which is free with 7 days of reports data stored.

The Sophos DNS has no idea about what you are using the connection for, it provides an IP address for a requested URL if the URL is registered with the Sophos DNS.

There is something wrong with your connection that is causing the XG not to respond on port 4444.

Ian

Hi Ian,

Thanks for your message , what i meant by admin portal is admin console ,please refer below

Will try to change port 4444 to something else and test if that works

Thanks for your help and apologies for the delay in replying

Hi,

don't change the GUI port, try logging into eh XG GUI using the external IP address of your XG.

Ian

Hi Ian,

Thanks for your reply , tried external IP  , which is https://14.201.88.67:4444 

Still no luck on port 4444 but 443 works fine for accessing User portal

Accessing User portal works both on Chrome and Firefox

On a side note , able to access Admin console when connected to either Sophos Connect or SSL VPN but by using Port 1 or Port 3 LAN Interface IPs

Not sure what else to be looked at

As always appreciate your time and effort

Regards

Raj

Hi Ruka,

did you try usingg the external access from a different site?

Ian

I would suspect that port 4444 is being blocked by TPG.

Ian

Hi Ian,

Thanks for your reply, tried using my mobile phone

same results , able to access user portal but no luck with accessing admin portal

tried both external IP and FQDN with :4444 

Without port number takes me directly to user portal thou

Appreciate your cooperation

Thanks

Raju

Thanks Ian

I too feel that now, would changing the port number on Device Access the only thing that needs to be done or is there any other place we need to update port number

Thanks

Raju

Setup an account on the Central management site and then link your XG to it, then you don't need to use the external interface access.

Ian

Setup an account on the Central management site and then link your XG to it, then you don't need to use the external interface access.

Ian

Thanks Ian

I will try that route then

Appreciate your help

Regards

Raju

Hi Ian ,

Just fyi , access to admin console from WAN is working now , guess adding port forwarding on my modem/router did the trick

It was suggested by Saleem another Sophos community member

Once again appreciate your help , also i will go the CM route since its more secure rather exposing WAN side

Regards

Raju George

Hi Raku,

my answers were based on the assumption that your modem/router is in bridge mode. The result of your modem/router being in route mode is you have double NAT which makes debugging difficult.

Ian

Thanks Ian

Apologies , i was not sure if the bridge mode or router mode would be linked to this issue , below is the current setting on my TP Link Router , which i will be removing soon and connect Sophos XG directly to NBN FTTN NTU

Once again appreciate your help

Have a good day 

Regards

Raju George

Hi Raju,

if you had to add ports on it to allow access to your XG then it was in router mode.

Ian

Fixed spellchecker errors.

Hi Ian,

I quite did not get you on the above statement.

At the moment i have mini PC ( Sophos XG installed ) with four ports. 

Port 2 connected to TP Link Modem/Router , which is connected to TPG NBN NTU

Port 1 and Port 3 on mini PC is used for LAN

I'm thinking of taking out TP Link hardware from the above config and connect Sophos XG directly to NBN NTU , and provide the TPG PPPoE details

Please advise if this is the right way

Thanks

Raj