Sophos User Portal - Not Allowing External Networks/No Connection

select "allow all users" apply it and try again.

This doesn't work - I'm not even sure why it would as it's a connection issue and not a user issue anyway. 

also check the basics:

advanced / Network Settings.. check for right port (443) and right adresses for your environment

I'm currently checking this on my iPhone 6 running the latest OS and using Safari - still no joy :( It says: "Safari cannot open the page because the network connection was lost".

I've tried using the external address - i.e. x.x.x.x:443 

I've also changed the hostname of the portal and added a DNS record pointing to the external address of the Sophos UTM on our DNS server, but Safari then says it can't find the server "company.co.uk". I suspect that's a different issue, though. 

I've just tested this internally using Internet Explorer and I can access the user portal fine. It seems to be rejecting outside addresses for some reason... 

seems your dns-record is not right configured.. not the internal dns the dns record in the internet that points to your external ip adress of the wan interface..

checking is simple:

open cmd on a windows pc. type nslookup   / type server 8.8.8.8   / type your domain

so you can check if the google dns server can find right adress for your dns-name...

It can find 'companyname.co.uk', but when I try 'company-portal.companyname.co.uk', it can't find it. But that is using Google as a DNS server. 

I thought the query would come into our DNS server and it would resolve it, as long as the address was 'company-portal.companyname.co.uk' (considering companyname.co.uk works outside). 

However, there does still seem to be something wrong on the Sophos configuration because it still doesn't work, even when using the external address (and therefore completely bypassing this DNS issue). 

need more detailed description to help..

- show your config page from user portal.

- have you any NATs configured?

- search log files....

This is the config page from the user portal:

The only NATs we have configured are for customer VPNs. 

I can't see anything in the log files (although, to be honest, I'm not entirely sure what I'm looking for). 

do you have ssl-vpn running at same interface / port ?

Yes - same port. Should it not be? 

Yes - same port. Should it not be? 

i recommend to run at differnet ports... or if you have more than 1 wan line bind ssl-vpn to one wan and user portal to the other...

if you run different port you need to use the ports then in the urls for the portal... or for the ssl-vpn-configuration...

I've tried changing the ports to no avail. It's still the same on the internal network - whether I use port 443 (same as the SSL VPN) or a different one like 1066, I can access the user portal internally. However, when trying to access it externally, the page doesn't load at all, regardless of what ports I try. There seems to be something blocking the connection, but I'm not really that up to speed with networking so I'm not entirely sure. 

how do you test the external behaviour?

is it a real external client?

if its a windows os please check also if firewall is configured right (or just deactivate this buggy so called firewall)..

its hard to support more cause i need logs...

what type of wan connection you got? is it a modem.. another router?

Yes, as I said earlier - I'm testing it on my iPhone using the 4G connection, so it's not linked to the work network whatsoever. 

Router, I believe. What logs do you need? I'm happy to supply any to find the route cause of this issue. 

I think Zaphod's question about a NAT rule was interesting.  You have an External interface IP in the 'Listen Address' - how do people reach that from the Internal network?

Cheers - Bob