SPX Encryption Portal - Internal Access

Hi All,

We have been implementing the SPX encryption in preparation for GDPR.

Externally this is working great. I have configured an A record in DNS that resolves to the listener address (external additional address) on the Portal settings section.

I have already configured an A record for the SPX URL internally and can resolve the IP that is connected to the internal LAN. I assume this is not working because of the fact I have configured the listen address as an external address.

Is there any way to allow users on the internal LAN to be able to connect to the SPX portal? 

TIA

Matt



This thread was automatically locked due to age.
  • My preference would be to change the 'Listening address' to "Any" and do split DNS.

    An alternative (I haven't tried it, but it should work) would be to use a NAT rule like:

    Full NAT : Internal (Network) -> {10444} -> External [SPX] (Address) : to External [SPX] (Address) from Internal (Address)

    Which approach did you use?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for the response.

    We do have split DNS already configured. The SPX address resolves to the internal interface IP of the UTM.

    We had to change the port from 10444 to 443, because others did not allow port 10444 on their proxies and we were getting help desk queries daily, saying they were getting error messages trying to set passwords. So I set up a new IP in our external-facing DNS and created an Additional address on the UTM and set the listen address to the new IP. This works great externally.

    When I try to change the Listen address now to ANY it gives me the error:

    The TCP port '443' is already in use by the portal->port:part configuration.

    I'm not sure what is actually in use, as I have checked the user portal.

     

    HOWEVER, to get around that I changed DNS so internally it was also pointing at the external address. I then realised our internal Cisco ACL would block access to the external address directly, so I allowed that through, then put a proxy exception in for the URL and voilà, success.

    Thanks for pointing me in the right direction :) 
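The two mechanics behind this thread, as an added illustration that is not Sophos UTM code and was not posted by either participant: ordinary TCP bind semantics explain why a listener on "Any":443 collides with another service already on port 443 while a dedicated additional address on 443 does not, and a listener bound to one specific address will not answer a connection that split DNS sends to a different (internal) address. The service names, the 203.0.113.x / 10.0.0.1 addresses and the assumption that the User Portal is the service holding 443 on one address are all made up for the example.

```python
"""Listener conflicts and split-DNS reachability for a portal like SPX.

Added example for this thread, not Sophos UTM code.  Service names,
addresses and which service holds port 443 are assumptions.
"""
from dataclasses import dataclass

ANY = "Any"  # the UTM's "Any" listening address: bind to every local address


@dataclass(frozen=True)
class Listener:
    name: str
    address: str  # one specific IPv4 address, or ANY
    port: int


def conflicts(a: Listener, b: Listener) -> bool:
    """Two TCP listeners collide when they share a port and either one binds
    to every address or both bind to the same specific address.  Two
    different specific addresses on one port coexist, which is why a
    dedicated additional address on 443 works while 'Any' on 443 does not."""
    if a.port != b.port:
        return False
    return ANY in (a.address, b.address) or a.address == b.address


def find_conflicts(existing: list[Listener], candidate: Listener) -> list[str]:
    """Names of the existing listeners that would block 'candidate'."""
    return [l.name for l in existing if conflicts(l, candidate)]


def accepts(listener: Listener, destination_ip: str) -> bool:
    """Does a connection to destination_ip:port actually reach this listener?"""
    return listener.address in (ANY, destination_ip)


def diagnose(listener: Listener, dns_answer: str, existing: list[Listener]) -> str:
    """Verdict for a client whose resolver returned dns_answer for the portal name."""
    if accepts(listener, dns_answer):
        return "ok: DNS answer matches the listener"
    others = [l for l in existing if l != listener]
    blocked = find_conflicts(others, Listener(listener.name, ANY, listener.port))
    if blocked:
        return ("listener not bound to %s; 'Any' is blocked by %s, so point the "
                "internal zone at %s (allow the route/ACL and a proxy bypass) or "
                "add a hairpin NAT" % (dns_answer, ", ".join(blocked), listener.address))
    return "listener not bound to %s; switch the listening address to Any" % dns_answer


# Constructed scenario (assumed addresses):
USER_PORTAL = Listener("User Portal", "203.0.113.10", 443)        # existing :443 service
SPX_ON_ADDITIONAL = Listener("SPX portal", "203.0.113.11", 443)   # the additional address
INTERNAL_IF = "10.0.0.1"       # what the internal split-DNS zone answered
EXTERNAL_SPX = "203.0.113.11"  # what external DNS answers


if __name__ == "__main__":
    print(find_conflicts([USER_PORTAL], Listener("SPX portal", ANY, 443)))
    print(find_conflicts([USER_PORTAL], SPX_ON_ADDITIONAL))
    print(diagnose(SPX_ON_ADDITIONAL, INTERNAL_IF, [USER_PORTAL]))
    print(diagnose(SPX_ON_ADDITIONAL, EXTERNAL_SPX, [USER_PORTAL]))
```

Run it as-is to see the "Any is blocked" verdict for the internal split-DNS answer and the "ok" verdict for the external one; swapping the User Portal onto another port makes the "switch to Any" verdict appear, matching Bob's preferred approach when the port is free.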
