Dynamic DNS works, can't access user portal or VPN anymore

Hello everyone, I have been running Sophos UTM 9 for quite a while now. I used it as a router for my home network with a very simple configuration:

ISP router-->Sophos UTM9--> Switch-->Local network

IP addresses on the ISP router network are 192.168.0.x

IP addresses on the local network are 192.168.1.x

I have a VPN connection and a dynamic DNS set up on the Sophos so that I can remotely access my FreeNAS server and some other stuff from my home network.

Everything had been working great until a few weeks ago, when I moved out to another flat with a different ISP (at least I think that's the reason). Same network configuration, same servers, but I'm no longer able to access the User Portal or connect via VPN to my local network from remote.

I can still access the User Portal and the admin panel from my local network, everything else seems to be working fine and I know the DDNS is working fine too.

Does anyone have a clue where I should start fixing this problem?



  • Hi Andrea,

    Is the User Portal configured on a custom port? Make sure that in the Management > User Portal > Allowed Networks tab, the VPN pool is added. Also, any help after doing an ON and OFF in the User Portal global settings?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • User portal Settings:

    Allowed Networks: Any

    Allow all users is checked

    network settings

    hostname: My ddns address

    listen address: any

    port 443

  • Hi Andrea,

    Take a TCP dump and check if you receive traffic on port 443 and verify if there is any DNAT that has 443 service mapped to a particular IP address; if yes, remove the DNAT policy as mapping 443 port on another IP will conflict with user portal.

    DM me your public IP on UTM, I will try to access the User portal.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Okay, let's see if I get this right.

    I'm configured in a cascading router scenario:

    INTERNET-->R1(ISP)-->R2(sophos)-->LAN

    So for everything to work I should forward ports from R1 to R2,

    and for that I enabled the DMZ on 192.168.0.2, which is the Sophos WAN address. That should open all the ports on that IP, am I correct?

    So after that I should have my Sophos UTM 9 dealing with protection and ports, right?

    Now will I have to create NAT rules on the Sophos to get the VPN working from outside and get the access to the User Portal back? If so, which ports and what services?

    I just don't understand why everything just worked with the previous ISP...

  • Hi,

    You should not have a DNAT policy that maps 443 on another IP address. I think my answer was unclear. I will edit it.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • OK, I didn't have any DNAT set on the Sophos. I just added one rule but I will delete it as soon as I get home.

    I did one test earlier: plugged my laptop into the ISP router and did a port test on 443, and it wasn't open.

    Did the same test on the Sophos and got the same result.

    I will send you my User Portal link when I get home. I have got this feeling the problem is port forwarding between the routers.

    Thanks a lot for helping anyway.

  • "I have got this feeling the problem is port forwarding between the routers." ... I think you are right.

    You do not need any firewall or NAT rule to access the User Portal.

    But you need "Any" within the allowed networks (the external interface network is not enough).


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
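
Added example, not part of the thread and not Sophos tooling: a small Python version of the port test discussed above. It separates a refused connection from a silently dropped one and turns the two vantage-point results (from R1's LAN toward the UTM WAN address 192.168.0.2, and from outside toward the DDNS name) into where the path breaks. The function names and the result wording are assumptions of this example.

```python
import socket
import sys


def probe(host, port=443, timeout=3.0):
    """One TCP connect attempt: returns 'open', 'refused' or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the address is reachable, but nothing
        # listens there and nothing forwards the port onward.
        return "refused"
    except OSError:
        # Timeout, unreachable network or unresolved name: the packet
        # was dropped somewhere on the way.
        return "no-answer"


def locate_break(wan_side, outside):
    """Interpret two probe() results for the cascade INTERNET-->R1-->R2-->LAN.

    wan_side: result for the UTM WAN address, run from a host on R1's LAN.
    outside:  result for the DDNS name, run from a host on the Internet.
    """
    if outside == "open":
        return "path works end to end"
    if wan_side == "open":
        # The UTM answers its neighbours on the R1 network, so the break
        # is upstream of it: R1 forwarding/DMZ, or beyond R1.
        return "break is upstream of the UTM (R1 forwarding/DMZ or beyond)"
    # Not even a directly attached host gets an answer from the UTM.
    return ("break is at the UTM: check User Portal port, listen address, "
            "allowed networks and any DNAT on the same port")


if __name__ == "__main__":
    # Default target is the Sophos WAN address given in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.2"
    print(target, probe(target))
```

Run it once from a laptop plugged into the ISP router and once from an outside connection against the DDNS name, then pass the two results to `locate_break`.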
