Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 1 subscriber
  • Views 7456 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

remote ssl vpn conflits whith https

gnomme
If I enable remote ssl vpn I loose conectivity to my https for my internal webserver...is it a bug?


This thread was automatically locked due to age.
  • 0 in reply to Lionking
    Hi,

    same experience here with 7.401. When I've the DNAT HTTPS rule for our Outlook Web Access site enabled, the SSL client cannot connect, 'connection reset' error. Once I disable the DNAT rule I can successfully connect, but of course the outlook web access site is inaccessible which is unwanted. So for now it one or the other.

    Franc.
  • 0 in reply to FrancWest
    Franc, the problem is that your DNAT captures anything that hits your SSL or OWA.  How would it know the reason you were connecting on port 443?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Has anyone tried changing the ssl vpn protocol to udp? Would that not allow you to keep your dnat for https tcp and use both on port 443?
  • 0 in reply to dilandau
    Sorry, my mistake.. I thought it could do some 'magic' in determining if it's VPN traffic or normal HTTPS traffic and act upon it accordingly.

    Franc.
  • 0 in reply to dilandau
    Has anyone tried changing the ssl vpn protocol to udp? Would that not allow you to keep your dnat for https tcp and use both on port 443?


    Yes, tried it, it works!
  • 0 in reply to Lionking
    Thanks, dilandau & Jörgen.  You reminded me that there was a discussion last fall about this: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53204.

    In googling about this just now, I found some claims of dramatic increases in throughput with UDP, but I would think that there would be situations where that wouldn't be true.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Lionking
    Yes, tried it, it works!


    [:O]Worked?? I tried and didnt work!
  • 0 in reply to gnomme
    Did you delete the client from your PC, then re-install it?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Did you delete the client from your PC, then re-install it?


    no...I edit the config client and changed the port to 443
  • 0 in reply to gnomme
    Same problem: Have an internal web server that I changed to require https: and changed DNAT rule accordingly. Now SSL clients do not work and the portal is inaccessible, because port 443 is routed to the web server.

    So, it's clear where to change the Remote Connection port and protocol. I changed it to UDP, but the client does not connect. I do not see anywhere to edit the client config for protocol? I am reluctant to change the port because of remote firewall issues (home and hotel firewalls may block obscure ports)

    That still would not resolve the problem of connecting to the portal to download a new client.

    If there is no happy solution to the portal issue, I could request an additional ip address for my webserver.
Cookie Information Banner