Sophos User Portal - Not Allowing External Networks/No Connection

Hi all,

I'm currently struggling to set up the Sophos UTM 9 User Portal. It works fine on our internal wireless network (which acts as an external network), but when I try connecting to the user portal through my iPhone or computer at home, I receive a "this page cannot be displayed" error. It seems something is blocking it, even though the user portal has been set to accept any networks. Has anyone come across this before? How should I go about resolving this?



  • This is the config page from the user portal:

    The only NATs we have configured are for customer VPNs. 

    I can't see anything in the log files (although, to be honest, I'm not entirely sure what I'm looking for). 

  • Do you have SSL VPN running on the same interface / port?

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Yes - same port. Should it not be? 

  • I recommend running them on different ports... or, if you have more than one WAN line, bind the SSL VPN to one WAN and the user portal to the other...

    If you run on a different port, you then need to use the port in the URLs for the portal... or for the SSL VPN configuration...

    greets

    zaphod

  • I've tried changing the ports to no avail. It's still the same on the internal network - whether I use port 443 (same as the SSL VPN) or a different one like 1066, I can access the user portal internally. However, when trying to access it externally, the page doesn't load at all, regardless of what ports I try. There seems to be something blocking the connection, but I'm not really that up to speed with networking so I'm not entirely sure. 

  • How do you test the external behaviour?

    Is it a real external client?

    If it's a Windows OS, please also check whether the firewall is configured correctly (or just deactivate this buggy so-called firewall)..

    It's hard to support further because I need logs...

    What type of WAN connection have you got? Is it a modem.. another router?

    greets

    zaphod

  • Yes, as I said earlier - I'm testing it on my iPhone using the 4G connection, so it's not linked to the work network whatsoever. 

    Router, I believe. What logs do you need? I'm happy to supply any to find the root cause of this issue.

  • I think Zaphod's question about a NAT rule was interesting.  You have an External interface IP in the 'Listen Address' - how do people reach that from the Internal network?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Rob,

    Please check if there is a DNAT configured to map traffic hitting on the External IP <address> over port 443!

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • sachingurung said:

    Hi Rob,

    Please check if there is a DNAT configured to map traffic hitting on the External IP <address> over port 443!

    Thanks

    Hi, thanks for the reply! This looks like it could be it as there is no DNAT rule configured for the SSL VPN. 

    As you can see from the screenshot below, I've got any traffic using any service going to the external IP. I'm not sure how I can set this to say "external IP using port 443", as I just have the external IP set in this network definition. Or is the port setting picked up in the User Portal settings? I'm quite confused by it... 

    Also, where am I forwarding this to? Would it be the VPN Pool? Networking is evidently not my strong suit.