The FQDN for my firewall is setup with a DynDNS such that when I'm external, it will resolve to my External IP (WAN). When I did this with UTM 9, internally, the same FQDN would resolve to the Internal IP (LAN). Once I realized that it wasn't, I added a DNS Host Entry to override the FQDN with an Interface IP and the override was successful. Unfortunately, if one were to visit the Device Access page and try to disable something from the WAN Zone, it errors out even through I'm coming from the LAN Zone.
To prove this, what I did was visited http://FQDN:80 when only HTTPS was available on the WAN and attempted to disable the HTTPS checkbox on Device Access and it reported an error with "You cannot disable both HTTP and HTTPS Admin Services for the zone simultaneously as you are accessing the device using the Interface IP bound to the same Zone."
Thought I'd report this as it seems like the validation is on the FQDN instead of the resolved IP perhaps.
Cheers,
Kyle
Guest User!
You are not Sophos Staff.