Single IP with SSL VPN and HTTPS?

Hello,

I have a single, external IP address and I am wondering if there is any way that I can run both an SSL VPN and an HTTPS web server on port 443?

Can the UTM distinguish based on domain / subdomain - e.g. vpn.domain.com and www.domain.com?

Thanks!

  • Switch the VPN to UDP Protocol instead of TCP.  That not only avoids conflicts, but also accelerates your VPN connection.

    Cheers - Bob
    PS I haven't tried it, but I would expect that your approach would work using Webserver Protection, but it definitely wouldn't with a DNAT.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob - thanks for your reply. Although your solution does work, I forgot to stipulate that both SSL VPN and HTTPS have to be on TCP, as UDP is blocked on most networks I try to connect from.
  • I tried to set up Webserver Protection, but when I change the SSL VPN protocol to TCP it says that TCP 443 is already in use by one of my virtual webservers.

    Thoughts?
  • You can use a non-standard port (greater than 1023) with TCP for the SSL VPN or listen on an additional WAN address not being used by a WAF virtual server.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • > You can use a non-standard port (greater than 1023) with TCP for the SSL VPN or listen on an additional WAN address not being used by a WAF virtual server.

    Thanks Scott - unfortunately these networks (hotels, etc) generally block non-standard TCP ports.

    The main issue I'm trying to avoid is procuring an additional WAN address :)

    Also - I updated my signature to show the current version of UTM I am running - 9.305-4
  • Really just need an additional address -- this is typically available for most business connections... and even some consumer ISPs will offer multiple IPs for an additional fee.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.