I need instructions step by step setting up XG 105 SSL VPN remote access.

I have read the admin guide, and I have not been successful in setting up the VPN.

Can someone please supply step-by-step instructions for the XG 105 for SSL VPN Remote?

When there are choices to be made, please explain the consequence of each choice and which is the better choice.

Thank you



  • I need to add on that the firmware is 16.

    1. Override host name. What exactly needs to be put there? The internet connection is DHCP and there is an account with DynDNS.org.

    2. Does the domain host name in the SSL settings need to be filled? Can you give an example? Is it based on any information in the general firewall setup?

    3. In the SSL VPN Remote settings, what do I choose for Network resources? It shows the 4 default ports. Port 1 is the Lan. Port 2 is the Wan. Port 3 is the DMZ. I selected Port 1.

    Also I was able to connect to the firewall and get the network IP address onto the remote computer. However I can't access the computers on the network, nor can I ping them.

    Thank you

  • Jay,

    you can find the guide here:

    https://community.sophos.com/kb/en-us/122769

    If you are unsuccessful, please share screenshot of what you have done.

    Thanks

  • Thank you. It works.

    However you should know that my XG 105 with version 16 is slightly different than the instructions layout. I had to find the settings in your guide in the new location in this firmware version.

    For example Network Policy is now called Firewall.

    There were a few steps in your guide which the Admin Guide didn't refer to.

    Also I don't understand why your guide says there should be NO vpn policy. (I did enable the policy that I created)

     

  • These are some of the differences in your guide and the XG 105 with version 16.01.1

    Creating Users

    1. First step in creating Users. On the XG 105 it is under Configure and Authentication.

    2. Go to USERS, it is on the top menu, where it says Servers, Services, Groups etc.

    3. In Group* select OPEN GROUP

     

    Check Authentication Services

    1. System - Administration - Device Access. Device Access is on the top in the menus. Licensing, Device Access, Admin Settings, etc.

    2. Make sure that you give SSL to Wan. My VPN only allowed to check off Ping and DNS. SSL VPN was greyed out. I did enable DNS and Ping on the VPN Zone.

     

    Creating a Network Policy

    1. That is under Protect - Firewall.

    2. Rule position should NOT be at the bottom. At the bottom I have a rule to drop all services. I first have permitted services on top, and then afterwards is a rule to drop all services.

    3. I have 2 firewall rules created. In one, the source is VPN (and not Wan). The destination is Lan. Match all users is checked, and I added the user that was created earlier. Turn on Rewrite source addressing. The MASQ is selected. It is the local IP address of your LAN PORT. Intrusion Prevention is turned off.

    4. The second rule has the Source as Lan and the destination is VPN (and not Wan). I did NOT enable NAT & ROUTING - Rewrite Source Address.  

    When granting access to the VPN for local resources one must create a rule in the VPN Remote Access below the Tunnel Access, Permitted Network Resources. Create a rule to allow network resources. Selecting Port 1 which is the LAN Port will not help.

    This setting is in VPN, SSL VPN Remote Settings.

    Scroll down to Tunnel Access.

    Permitted Network Resources IPv4.

    One must create a rule IP address 192.168.X.X  subnet /24 (255.255.255.0)

    If this rule isn't created in this dialog box, then resources can not be accessed.

    This isn't mentioned in the manual link nor in the latest Admin guide to version 16.

    Also, the VPN has the icon at the top left to SHOW ALL VPN Settings. That also needs to be configured.

    Those are the differences that I noticed.

    I hope this is helpful.
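
The two causes of "connected but cannot reach LAN hosts" described in the post above (an allow rule sitting below the drop-all rule, and a LAN subnet missing from Permitted Network Resources) can be reasoned about with a small model. This is an added example, not part of the thread and not Sophos code; it is a simplified model that assumes top-down first-match rule evaluation, and all rule names, addresses and subnets in it are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src_zone: str   # "ANY" matches every zone
    dst_zone: str
    action: str     # "ACCEPT" or "DROP"

def first_match(rules, src_zone, dst_zone):
    """Top-down evaluation: the first rule whose zones match decides."""
    for rule in rules:
        if rule.src_zone in ("ANY", src_zone) and rule.dst_zone in ("ANY", dst_zone):
            return rule
    return None

def diagnose(rules, permitted_resources, dst_ip):
    """Explain whether a connected SSL VPN client can reach dst_ip on the LAN."""
    dst = ipaddress.ip_address(dst_ip)
    nets = [ipaddress.ip_network(n) for n in permitted_resources]
    # Check 1: the tunnel only carries traffic for permitted resources.
    if not any(dst in net for net in nets):
        return "BLOCKED: destination not covered by Permitted Network Resources"
    # Check 2: the firewall rule that is hit first must be an allow rule.
    rule = first_match(rules, "VPN", "LAN")
    if rule is None or rule.action != "ACCEPT":
        hit = rule.name if rule else "no rule"
        return f"BLOCKED: VPN->LAN traffic hits '{hit}' before any allow rule"
    return f"ALLOWED by '{rule.name}'"

# Constructed sample data (placeholders, not values from the thread).
LAN_HOST = "192.168.1.20"
LAN_SUBNET = "192.168.1.0/24"
NO_SUBNET = ["192.168.1.1/32"]   # resource list that lacks the LAN subnet
allow_vpn_lan = Rule("VPN to LAN", "VPN", "LAN", "ACCEPT")
allow_lan_vpn = Rule("LAN to VPN", "LAN", "VPN", "ACCEPT")
drop_all = Rule("Drop all", "ANY", "ANY", "DROP")

GOOD_ORDER = [allow_vpn_lan, allow_lan_vpn, drop_all]   # allow rules on top
BAD_ORDER = [drop_all, allow_vpn_lan, allow_lan_vpn]    # drop-all shadows them

if __name__ == "__main__":
    print(diagnose(GOOD_ORDER, NO_SUBNET, LAN_HOST))
    print(diagnose(BAD_ORDER, [LAN_SUBNET], LAN_HOST))
    print(diagnose(GOOD_ORDER, [LAN_SUBNET], LAN_HOST))
```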