4

I use a SOPHOS on UTM 9. I have a website behind it on Win Server 2012 R2 / IIS 8 created with a subdomain (e.g. myaccess.mydomain.com).

On UTM9 i had do what Stephane say on "serverfault -> sophos access a webserver from the web" and I can acces my website without problem on HTTP.

I want to access it with HTTPS (rules and certificate are created/linked and local tests works).

In UTM 9 I had activate the User Portal cause we use VPN. VPN is configured in SSL with an other subdomain/domain (e.g. vpn.mydomain2.com) in TCP with standard HTTPS port (443).

Rules on UTM9 Firewall are basics. HTTP, HTTPS are authorized. In case, i added a rule on Firewall like that :

|-----------------------------------------------------|
|    FROM       |  PROTOCOLS  |   TO                  |
|-----------------------------------------------------|
| Internet IPv4 | HTTP        | myaccess.mydomain.com |
| Internet IPv6 | HTTPS       |                       |
| LAN (Network) | MS SQL      |                       |
| WAN (Network) |             |                       |
|-----------------------------------------------------|

All "FROM" on all "PROTOCOLS" on "TO" are unblocked for the firewall.

Actual situation :

  • Access on myaccess.mydomain.com over HTTP is ok and I see the website.
  • Access on myaccess.mydomain.com over HTTPS redirect me directly on the User Portal Sophos login page (on https) like if I use vpn.mydomain2.com.

I want to acces on myaccess.mydomain.com over HTTPS and don't be intercepted by the user portal.

Thanks for help, sorry for bad english and say if you need more precisions.

Community
  • 1
Alex L
  • 41
  • 1
  • 5

1 Answers1

1

Sophos UTM 9 SSL VPN defaults to port 443. For most this is useful as default HTTPS port 443 rarely gets blocked by any firewall. However, if you need the port for something else, both can't be listening to it simultaneously.

Therefore, you need first change the port from UTM9 > Remote Access > SSL > Settings.

UTM9 SSL VPN Settings

Here, the port is 7443. It changes both the port used for the OpenVPN and for the user portal.

Select the network protocol, address and port that all SSL VPN clients must use. By default, this is set to TCP port 443 on any address. Note that port 10443, the Sophos UTM Manager port 4422 and the port used by WebAdmin can not be used.

Now that the port 443 is available, you can use it as you wish; you could add the UTM9 > Webserver Protection > Web Application Firewall > Virtual Webserver to port 443, if your license allows that feature. (Supposedly it does, as you were able to use it with HTTP.)

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122