Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 20 replies
  • Subscribers 2 subscribers
  • Views 8593 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User portal on multiple addresses

TPok
Hi,

I have an internet connection with several static IPs and an internal LAN.
On one external address (let's say address2) I am publishing an internal web site on port 443 with WAF.

Now I want to be able to access the user portal from inside the LAN and from the internet via external address1. What do I have to put in the listen address field of the user portal configuration?

I can't put there "any" because this does collide with the WAF config. The field only accepts one address. A network group is not accepted.

I don't want to change the port to a non-standard value.

Any suggestions?


This thread was automatically locked due to age.
  • 0
    Just use "Any" - If you accidentally go to Address2, you'll be rerouted to your website; otherwise there's co conflict.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I can't use "any" because I get the following message saying it collides with the virtual webserver-object used by WAF. This object is configured to use the scond address of the WAN link.

    The TCP port '443' wird bereits durch das 'Exchange SSL'-Attribut im virtual webserver-Objekt '' benutzt.
  • 0
    This must be one of the "improvements" in V9. [;)]

    Seriously, I think this is a design error and that you should submit a ticket to support so that the developers can change this from a block to a warning.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Ok. I will submit a ticket. Thanks.
  • 0
    Just to give the info:
    Support told me that this is by design and no bug.

    There is a feature request to change this:
    User Portal: Configure listening on more than one interface
  • 0
    Please PM me the Case ID of your support ticket.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Supposing that you have to WAF-servers using port 443. You have to change one
    Administrators do the design and changes to be easiest for end-users
    8443 is too for standart use. You can even add a service in the records of your domain where portal.domain.com points to x.x.x.x:8443
  • 0
    doing a nat rules  for https will solve this, but you have to exclude the serves from WAF 
    DNAT from any going to external address2 > to Server: 443
  • 0
    Just to be clear, our V8 Astaro has been running like this for a long time - here's another reason to wait for V9 to "ripen" before upgrading. [:O]

    That said, Olsi's idea should work.  Put the User Portal on a different port, and then create a NAT rule for "External (Address)" and "Internal (Address)" that DNATs 443 to the new port with the new Destination left empty.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    NOTE: This doesn't work in V9 at present.  I mis-read the email...

    OK, here's the workaround communicated to me by Alan Toews.  I did a face-palm on this one... [:D]

    Delete/disable the virtual server on port 443.  Configure the User Portal to use "Any."  Create/enable the virtual server on port 443.

    TPok, maybe the Support team there would be interested in this.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner