Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 1 subscriber
  • Views 16936 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN inbound thru UTM to 2012 R2 server

justinhow
I am interested in allowing Windows clients to directly VPN or Direct Access to my 2012 R2 server which is on the internal network. Can anyone help me on how I would allow/direct this traffic inbound, rather than the tunnel terminate at the UTM. 
I am familiar with DNAT, firewall rules etc but am not sure if letting VPN through is slightly different than the usual HTTP port 80 type stuff as it can also terminate at the firewall.
Also any big pros and cons as to which is best (tunnel into UTM or internal Server).
Thanks


This thread was automatically locked due to age.
Parents
  • 0
    I added the 'Web surfing' protocols group to the 'VPN Extended Protocols' because I saw dropped TCP 80 and 443 packets.

    You can make that work, but it will make it more difficult to participate in the "culture" of the UTM.  Better to make a separate NAT rule for 443/80 inbound and use automatic firewall rules for both DNATs.  In fact, that comment is on a different topic and so should have been posted in a new thread.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I added the 'Web surfing' protocols group to the 'VPN Extended Protocols' because I saw dropped TCP 80 and 443 packets.

    You can make that work, but it will make it more difficult to participate in the "culture" of the UTM.  Better to make a separate NAT rule for 443/80 inbound and use automatic firewall rules for both DNATs.  In fact, that comment is on a different topic and so should have been posted in a new thread.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML