internal access to wan IP (dynamic DNS)

Khaled,

can you share some screenshot of your configuration?

Thanks.

i can access everything from outside, only from internal i can't access using the wan ip or dynamic dns 

Khaled,

this is correct. You should use internal IP to access internal host. However if you put inside the BARs LAN on Source zone either, it will allows you to access.

As I said, use internal Ip to access internal hosts.

Hi Luk,

Currently i use Sophos XG installed on Mini PC. Using Sophos DynDNS

I'm able to access user portal to download SSL VPN Client from outside network using https://bethelsophosxg.myfirewall.co:443

but im unable to access Admin portal via https://bethelsophosxg.myfirewall.co:4444 

Have enabled WAN and LAN access under "Device Access"

Atm only way to access Admin portal is to have connected to VPN first ( when on external network ) and then access via LAN port

Is there anyway to access Admin portal without having to be connected to VPN

Appreciate any help

Please refer below for Device Access config

Hi Ruka,

you do not need DNS on the WAN, that means you are providing a DNS for all internet users.

Have you configured the admin access within the GUI -> Admin -> admin settings?

Ian

Morning Ian,

Have changed the settings as below , please let know if anything else needs to checked or unchecked to keep it more secure.

Yes, i had used GUI for configuring Admin Access , initial Admin password was given when during initial OS install , after which i have changed it via GUI

Appreciate your help

Regards

Raju George

Hi Ruka,

if you want to access your XG internally using the FQDN you will need to create a DNS host entry in the network tab using the FQDN but using the internal address and do not tick the publish on wan box.

Ian

Hi Ian,

Thanks for your reply , i had this configured initially but Publish on WAN was ticked , please advise what are the differences on having ticket and unticked ( have unticked it as per advise )

Also im wanting to access this FQDN while im on different network , for eg : at Office ,internally it works fine  :443 for user portal but not :4444 for Admin portal , need to use https://192.168.1.150:4444 when on internal network

Also should i be using Port IP or NAT'ed Public IP , please refer to below screen

Appreciate your assistance as always

Regards

Raju

Hi Ruka,

if you tick advertising on WAN you are posting your internal address on the WAN, not advisable.

The internal lookup should look a bit like this, part of the shot has been cutoff.

When using the dynamic DNS you should be using your external interface and preferably with its FQDN and I assume you have registered it with the Sophos DNS?

Ian

Hi Ian,

Thanks for your reply ,when i ping FQDN which is registered with Sophos DynDNS i get public IP 14.201.88.67

But when i try to access admin portal with :4444 i get below error

Is this because Sophos DynDNS is a free service and works only to for accessing user portal 

Appreciate your help

Also just for curiosity , are you able to access your Admin portal from a different network

Regards

Raju