
SSL VPN Settings don't work

I've started to migrate from UTM to SFOS 16.05 on a SG210 some hours ago. Everything works smoothly apart from the SSL VPN. Users in the users portal cannot download any config. Whenever I'm trying to change the SSL VPN settings it has absolutely no effect. I'm stuck here.



  • Thomas,

    Make sure that the patterns are updated. If it does not work, generate the built-in CA and try again.

    Also make sure users are ssl vpn enabled.

    Let us know.

    Thanks

  • hi,

     

    thx for your quick answer,

     

    the users are ssl vpn enabled and assigned a vpn policy. however, changing the ssl vpn settings (in the vpn section) has no effect, every time I open the settings they're back to default.

    additionally, I cannot regenerate the certificate authority, terminating with the error message: Certificate Authority details could not be updated or certificates could not be regenerated. regenerating the appliance certificate has no effect.

    all the best

     

    Thomas

     

  • Uhm...

    What version are you running?

    I have seen a similar behavior where the CA was not working correctly.

    Try to change one field of the CA and save.

    Then regenerate the built-in Certificate and try again to login to user portal.

  • I'm running 16.05 the latest release. There is nothing I can do to the CA. It's empty and if I fill in values I can save it but it ends with the error mentioned above.

     

  • Thomas,

    Can you try to regenerate the certificate from the console?

    Thanks

  • how do I do that?

     

    by the way, I also tried a lean install and it ends up the same ....

  • Thomas,

    The CA should be Appliance SSL and not default.

    To reset the certificate, connect to console using putty and then under device management (I guess) you find reset web certificate.

  • Unfortunately, regarding the VPN settings nothing really changed...

    however, I have to head back to the office now as there is no way to connect to the device remotely: This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

     

    there is no Firefox security exception for this.....

  • I fixed the problem....... it was a long shot...

     

    So here is what happened (and still happens to others).... 

    It basically all depends on the information you put in when you open your sophos account. In this case my customer put an extraordinarily long company name in the company field plus it contained special characters (umlaut and ampersand).

     

    Thus, the very moment the xg firewall goes online it connects to the sophos server and creates a certificate using the information stored within the sophos account. However, if this information contains special characters and/or is extremely long the created certificate does not work. The only way out I found was to log into the sophos account and change the information to non-special characters and keep it short and simple and then reinstall the xg from scratch...

    thanks for your help....
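
A conservative pre-check for values that end up in a certificate subject, such as the company name described in the last post. This is an added example, not code from the thread or from Sophos. It assumes the RFC 5280 length bounds and the ASN.1 PrintableString alphabet as the yardstick; the thread does not confirm which limit the XG firmware actually hit, and `check_subject`, `simplify` and the sample values are hypothetical.

```python
import unicodedata

# Upper bounds for DN attributes from RFC 5280, Appendix A.
UPPER_BOUNDS = {"C": 2, "ST": 128, "L": 128, "O": 64, "OU": 64, "CN": 64}

# ASN.1 PrintableString alphabet. RFC 5280 also permits UTF8String in a DN;
# staying inside this set is the conservative choice.
PRINTABLE = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"
)


def check_subject(fields):
    """Return (field, problem) tuples for a dict of subject DN fields."""
    problems = []
    for name, value in fields.items():
        bound = UPPER_BOUNDS.get(name)
        if bound is not None and len(value) > bound:
            problems.append((name, f"length {len(value)} exceeds {bound}"))
        bad = sorted({ch for ch in value if ch not in PRINTABLE})
        if bad:
            problems.append((name, "outside PrintableString: " + " ".join(bad)))
    return problems


def simplify(value, bound):
    """Hypothetical clean-up: spell out '&', strip accents, truncate."""
    folded = unicodedata.normalize("NFKD", value.replace("&", " and "))
    kept = "".join(ch for ch in folded if ch in PRINTABLE)
    return " ".join(kept.split())[:bound].rstrip()


# Constructed sample modelled on the post: long name, umlauts, ampersand.
SAMPLE = {
    "C": "DE",
    "O": "Müller & Söhne Internationale Handels- und Beteiligungsgesellschaft mbH",
    "CN": "firewall.example.com",
}

if __name__ == "__main__":
    for field, problem in check_subject(SAMPLE):
        print(f"{field}: {problem}")
    print("suggested O:", simplify(SAMPLE["O"], UPPER_BOUNDS["O"]))
```
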