One of the great benefits of deploying Sophos UTM in your home network is how easily it lets you configure a VPN. For those unfamiliar with the term, a VPN (Virtual Private Network) lets you reach your home network from anywhere in the world, as long as you have an Internet connection.
This can be useful for many reasons. Here are a few:

VPN Benefits
- Reach internal devices at home (Remote Desktop or VNC, for example) without opening ports on your firewall.
- Encrypt your traffic so it cannot be intercepted and manipulated on an untrusted network (an airport or a coffee shop, for example).
- Make your online presence appear to be in a location other than your current one (some use this to reach Netflix and other services from outside the U.S.).

There are many types of VPN (IPsec, L2TP over IPsec, PPTP, and SSL/TLS-based tunnels such as OpenVPN). They differ in how the tunnel is encapsulated and authenticated, not just in the ciphers used. Here I'll explain how to set up an SSL VPN specifically.

SSL VPN Benefits
The Sophos UTM SSL VPN is built on OpenVPN, so the tunnel is protected by TLS with a per-user certificate plus a username and password. It is not necessarily the strongest of the options above (a well-configured IPsec tunnel is at least as strong; PPTP is the one to avoid, since its MS-CHAPv2 authentication has long been broken), but it is more than sufficient for home use. The benefit that makes an SSL VPN especially useful is the convenience of availability: it works from almost anywhere.
Most VPN protocols need specific ports to be open on the network you are connecting from. For example, if you are at work and try to connect to a PPTP VPN, it will fail because your company has not opened TCP port 1723 (the port PPTP uses) and GRE on its outbound firewall. Generally, enterprises will not poke holes in their firewall so you can reach an external VPN. The Sophos UTM SSL VPN listens on TCP port 443 by default, the same port every HTTPS website uses (those with "https://" in front of the address), so to a simple port filter it looks like ordinary web browsing. Blocking port 443 would block most of the web, so it is rarely done. One caveat: a firewall that inspects TLS handshakes or fingerprints OpenVPN traffic can still single the tunnel out, so "it uses 443" is not a guarantee. This guide takes you through setting up a Sophos UTM SSL VPN in 7 simple steps.
Set up Users
If you haven't already set up users on your UTM, you will need to create at least one. You will use this user to log in to the User Portal, which is discussed later.

As you can see, I created two users for this purpose. This simplifies configuration on the client end.

Configure "lanssl" as one user and "wanssl" as another. These names will make sense in step 2.
Configure SSL VPN
Here we configure the actual Sophos UTM SSL VPN service. We will create two profiles, one for each of the two users created above (lanssl and wanssl).

"lanssl" is the profile used simply to reach devices on our local network from an external location (a split tunnel). "wanssl" is used to reach our local network and the Internet through the SSL VPN (a full tunnel). Here are the reasons we have both:

lanssl purposes:
- Connect only to our local network.
- Leave web browsing on the local Internet connection rather than backhauling it through the Sophos UTM (this does not protect your Internet traffic on a public network; only traffic to your home network is inside the tunnel).

wanssl purposes:
- Change our online presence to the location of the Sophos UTM.
- Encrypt all web browsing through the Sophos UTM while in public locations (this will slow browsing, depending on your speeds at both ends).
- Access services like Netflix from outside the U.S.

If you don't want two different kinds of VPN, you can simply add a single user here. For example, I could drag "Ethan" into "Users and Groups" and log in remotely with my own credentials, and omit the creation of "lanssl" and "wanssl".

Configure "lanssl" and "wanssl"
The difference between the two profiles is the Local Networks box. For "lanssl", place your internal network (the LAN behind the UTM) in Local Networks, so only traffic for that network is routed into the tunnel. For "wanssl", place "Any" in Local Networks; this tells the UTM to push a default route to the client so that all of its traffic comes back through the Sophos UTM. On both profiles, ensure the Automatic Firewall Rules option is selected.

Configure Masquerading Rule
A masquerading rule takes the private IP addresses used on your local network and hides (masquerades) them behind your public IP address. The "wanssl" clients need this too: their tunnel addresses come from the private VPN pool, so without masquerading their Internet-bound packets would leave the WAN interface with a non-routable source address.

To configure the rule:
- Go to Network Protection > NAT.
- Under Masquerading, select New Masquerading Rule.
- Set Network to Any and Interface to External (WAN).

If you prefer a tighter rule, set Network to your internal network and the SSL VPN pool (the UTM's default object is named "VPN Pool (SSL)") instead of Any; Any also works, it just masquerades more than it needs to.

Set Up Dynamic DNS Name
One important factor when using a VPN is that your device needs to know where to find your VPN server from anywhere on the Internet. For the UTM to build the VPN profile correctly, it needs a "name" for your external IP address. The easiest way to get one is to configure a Dynamic DNS name.
Read Etienne's post for a quick walkthrough on how to set this up. When you download the VPN profile from the Sophos UTM User Portal (see below), it will include the UTM's Dynamic DNS name, so your clients can connect to the UTM from anywhere.

Configure Clients
Now that the Sophos UTM's SSL VPN settings are configured, let's configure some clients to access the VPN. We will configure three different clients:
- Mac OS X, using Tunnelblick
- iOS, using OpenVPN
- Windows 7, using the software provided by the UTM
Mac OS X Configuration
To access your Sophos UTM's SSL VPN from Mac OS X:
1. Download and install Tunnelblick. Tunnelblick is a free, open-source graphical user interface for OpenVPN on OS X.
2. Access the User Portal from anywhere by using the Dynamic DNS name configured in step 6. For example, if the name I configured was "test.ddns.net", I would point my browser at https://test.ddns.net/. Once on the page (you'll notice it looks very similar to the WebAdmin page), log in with the lanssl user account. You will then see the portal page.
3. On the Remote Access tab, click the third option, Download the ZIP archive for Mac OS X and Linux.
4. Extract the ZIP to reveal the file with the ".ovpn" extension. Double-click this file and Tunnelblick will ask to import it.
5. Click Connect, enter your credentials for lanssl, and you will be connected to your VPN.

The process is identical for the wanssl profile; it will simply show up as a second configuration in Tunnelblick once imported.
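Before importing the .ovpn file, it is worth checking what the UTM actually put in it. The following Python script is an example added to this tutorial; it is not code from the original post and not part of Sophos UTM. It parses an OpenVPN client profile and flags the things a practitioner cares about: that the "remote" line points at your Dynamic DNS name and nowhere else, that a username and password are still required on top of the embedded certificate, that a CA and a server-certificate check are present (without "remote-cert-tls server" or an equivalent, any other certificate from the same CA could pose as the server), and that the cipher and HMAC are not ones you would reject. The two embedded profiles are constructed samples with placeholder certificate bodies; the options in a real download will differ, and the "weak" lists are an assumed policy for this example.

```python
"""Sanity-check an OpenVPN (.ovpn) client profile before importing it.

Added example for this tutorial: not code from the original post and not
part of Sophos UTM. The profiles below are constructed samples.
"""
import shlex

# Assumed "do not accept" lists for this example; adjust to your own policy.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
WEAK_AUTH = {"MD5", "NONE"}


def parse_ovpn(text):
    """Split a profile into (options, inline_blocks).

    options maps an option name to the list of argument lists it appeared with
    (an option such as 'remote' may repeat); inline_blocks maps a tag such as
    'ca' to the text between <ca> and </ca>.
    """
    options, blocks = {}, {}
    tag, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if tag is not None:                  # inside <tag> ... </tag>
            if line == f"</{tag}>":
                blocks[tag] = "\n".join(body)
                tag, body = None, []
            else:
                body.append(line)
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("<") and not line.startswith("</") and line.endswith(">"):
            tag = line[1:-1]                 # opening tag of an inline block
            continue
        parts = shlex.split(line)            # honours quoted arguments
        options.setdefault(parts[0], []).append(parts[1:])
    if tag is not None:
        raise ValueError(f"unterminated <{tag}> block")
    return options, blocks


def remote_endpoint(options):
    """Return (host, port, proto) from the first 'remote' line, or None."""
    remotes = options.get("remote")
    if not remotes:
        return None
    args = remotes[0]
    port = int(args[1]) if len(args) > 1 else 1194       # OpenVPN's default port
    if len(args) > 2:
        proto = args[2]
    else:                                                 # fall back to a 'proto' line, else udp
        proto = options.get("proto", [["udp"]])[0][0]
    return args[0], port, proto


def audit_profile(text, expected_host):
    """Return a list of findings; an empty list means every check passed."""
    options, blocks = parse_ovpn(text)
    findings = []
    endpoint = remote_endpoint(options)
    if endpoint is None:
        findings.append("no 'remote' line: the profile does not say where to connect")
    elif endpoint[0] != expected_host:
        findings.append(f"remote is {endpoint[0]}, expected DDNS name {expected_host}")
    # The UTM asks for username and password on top of the per-user certificate.
    if "auth-user-pass" not in options:
        findings.append("no auth-user-pass: anyone holding a copy of this file could connect")
    if "ca" not in blocks and "ca" not in options:
        findings.append("no CA: the client cannot verify the UTM's server certificate")
    # Without one of these, any certificate from the same CA would pass as the server.
    if not any(o in options for o in ("remote-cert-tls", "ns-cert-type", "verify-x509-name")):
        findings.append("no server-certificate check (remote-cert-tls server / verify-x509-name)")
    for args in options.get("cipher", []):
        if args and args[0].upper() in WEAK_CIPHERS:
            findings.append(f"weak cipher {args[0]}")
    for args in options.get("auth", []):
        if args and args[0].upper() in WEAK_AUTH:
            findings.append(f"weak HMAC {args[0]}")
    return findings


# Constructed sample resembling a User Portal download (placeholder certificate body).
GOOD_PROFILE = """\
client
proto tcp
remote test.ddns.net 443
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
<ca>
PLACEHOLDER-CERTIFICATE
</ca>
"""

# Constructed weak profile: wrong host, no password prompt, no server check, old crypto.
WEAK_PROFILE = """\
client
proto udp
remote vpn.example.net 1194
cipher BF-CBC
auth MD5
<ca>
PLACEHOLDER-CERTIFICATE
</ca>
"""

if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("weak", WEAK_PROFILE)):
        print(name, remote_endpoint(parse_ovpn(profile)[0]), audit_profile(profile, "test.ddns.net"))
```

To use it on a real download, read the .ovpn file into a string and call audit_profile(text, "your-ddns-name"); an empty list means the profile points at your UTM and keeps the checks you expect, while any finding is worth resolving before you trust the tunnel from a public network.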
iOS Configuration
To access your Sophos UTM's SSL VPN from an iOS device (iPhone or iPad):
1. Install the OpenVPN app on the device.
2. Access the User Portal as in step 2 of Step 7a (the Mac OS X configuration above).
3. This time, select the fourth install option, for Android and iOS. You will be presented with the profile page.
4. Select the + icon to import the VPN profile.
5. Enter your credentials for the user you want (lanssl to reach only internal devices, wanssl to also backhaul all Internet traffic through the UTM) and you will be connected.
Windows Configuration
Windows configuration is so simple that all you need to do is select the first download option from the UTM's User Portal and install the software. Once it is installed, right-click the traffic-light icon in the bottom right-hand corner of your screen and click Connect.
I have been noticing an odd issue when connected via SSL VPN where anything I try to access using HTTP or HTTPS is hit or miss. It doesn't matter if I am accessing the Sophos admin portal or the web interface of a NAS or PBX, the results are frustrating at best. Most times my browser will simply sit and load forever, never timing out unless I disconnect the VPN at which point it times out immediately.
When I am able to get connected to a device, it usually only lasts a few minutes until the site starts to not respond, at which point I can't reconnect. If I use any other protocol I do not see this problem. SSH, FTP, RDP, VNC, all are rock solid. Ping times are great and there is no packet loss to these devices. I work for an MSP and manage about a dozen XG firewalls, and this issue is present on all of them. Firmware version does not seem to matter.
I spun up a clean firewall in VMware today running 17.03 and I am experiencing the same thing. I am happy to discuss settings, but as I stated, everything works fine other than HTTP(S). I have not reached out to support yet as this has only hindered me and my administration at this point. However, I know that is only going to last so long and I am concerned about this becoming a big problem in the future. Does anyone else notice any problems like this? As far as the Sophos admin portal goes, I noticed that if I toggle HTTPS admin services off and on for the VPN zone I can usually get it to work, but only for so long.
As for other devices, it's a crap shoot. I never know when it will or won't work. I have connected from different computers using different operating systems, connecting from different public IP addresses that are behind different firewalls. The results are always the same.