I use a Sophos UTM 9.
I have a website behind it on Windows Server 2012 R2 / IIS 8, created with a subdomain (e.g. myaccess.mydomain.com).
On UTM 9 I did what Stephane said in "serverfault -> sophos access a webserver from the web" and I can access my website without problem over HTTP.
I want to access it over HTTPS (rules and certificate are created/linked and local tests work).
In UTM 9 I have activated the User Portal because we use VPN. The VPN is configured in SSL with another subdomain/domain (e.g. vpn.mydomain2.com) over TCP on the standard HTTPS port (443).
The rules on the UTM 9 firewall are basic. HTTP and HTTPS are authorized.
Just in case, I added a rule on the firewall like this:
|---------------|-----------|-----------------------|
| FROM          | PROTOCOLS | TO                    |
|---------------|-----------|-----------------------|
| Internet IPv4 | HTTP      | myaccess.mydomain.com |
| Internet IPv6 | HTTPS     |                       |
| LAN (Network) | MS SQL    |                       |
| WAN (Network) |           |                       |
|---------------|-----------|-----------------------|
All "FROM" sources on all "PROTOCOLS" to the "TO" host are unblocked by the firewall.
Current situation:
- Access to myaccess.mydomain.com over HTTP is OK and I see the website.
- Access to myaccess.mydomain.com over HTTPS redirects me directly to the Sophos User Portal login page (on HTTPS), as if I had used vpn.mydomain2.com.
I want to access myaccess.mydomain.com over HTTPS without being intercepted by the User Portal.
Thanks for your help, sorry for my bad English, and say if you need more details.
Best Answer
Sophos UTM 9 SSL VPN defaults to port 443. For most this is useful, as the default HTTPS port 443 rarely gets blocked by any firewall. However, if you need the port for something else, both can't be listening on it simultaneously. Therefore, you first need to change the port from UTM9 > Remote Access > SSL > Settings.
Here, the port is 7443. It changes both the port used for the OpenVPN and for the user portal. Now that port 443 is available, you can use it as you wish; you could add the UTM9 > Webserver Protection > Web Application Firewall > Virtual Webserver on port 443, if your license allows that feature. (Supposedly it does, as you were able to use it with HTTP.)
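One way to confirm the port move took effect, added here as an example and not part of the answer above: connect to each port, look at the certificate that is actually served, and classify it as the website's certificate or the User Portal's. The hostnames and the portal port 7443 come from the question and answer; the use of the optional `cryptography` package for DER parsing is an assumption (the stdlib returns an empty dict from `getpeercert()` when verification is disabled, and verification is disabled on purpose so a self-signed portal certificate is still inspected). The matching logic itself is pure Python and runs offline.

```python
"""Check which TLS service answers on which port after moving the Sophos UTM 9
SSL VPN / User Portal off 443.  Added example; not from the original answer."""
import socket
import ssl
from typing import Dict, List, Optional

# Hostnames from the question; the portal port is the one the answer chose.
WEBSITE_HOST = "myaccess.mydomain.com"
VPN_HOST = "vpn.mydomain2.com"
PORTAL_PORT = 7443
HTTPS_PORT = 443


def san_dns_names(cert: dict) -> List[str]:
    """DNS names from a certificate dict in the shape ssl.getpeercert() returns."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy certificates without SAN: fall back to the CN
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or a single leftmost wildcard label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_covers_host(cert: dict, hostname: str) -> bool:
    return any(name_matches(n, hostname) for n in san_dns_names(cert))


def classify(cert: dict, website_host: str, portal_host: str) -> str:
    """Label a served certificate as 'website', 'user-portal' or 'unknown'."""
    if cert_covers_host(cert, website_host):
        return "website"
    if cert_covers_host(cert, portal_host):
        return "user-portal"
    return "unknown"


def der_to_dict(der: bytes) -> dict:
    """Convert DER to the getpeercert() dict shape.  Assumes the optional
    'cryptography' package is installed on the machine running the check."""
    from cryptography import x509
    from cryptography.x509.oid import ExtensionOID, NameOID

    cert = x509.load_der_x509_certificate(der)
    subject = tuple(
        (("commonName", a.value),)
        for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    )
    try:
        san = cert.extensions.get_extension_for_oid(
            ExtensionOID.SUBJECT_ALTERNATIVE_NAME
        ).value
        alt = tuple(("DNS", n) for n in san.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        alt = ()
    return {"subject": subject, "subjectAltName": alt}


def fetch_peer_cert(host: str, port: int, timeout: float = 5.0) -> Optional[dict]:
    """Return the leaf certificate served on host:port, or None if unreachable.
    Verification is disabled deliberately: we only want to see what is served."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except (OSError, ssl.SSLError):
        return None
    return der_to_dict(der) if der else None


def report() -> Dict[str, str]:
    """Expected after the change: 443 -> 'website', 7443 -> 'user-portal'."""
    result = {}
    for host, port in ((WEBSITE_HOST, HTTPS_PORT), (VPN_HOST, PORTAL_PORT)):
        cert = fetch_peer_cert(host, port)
        result[f"{host}:{port}"] = (
            "unreachable" if cert is None else classify(cert, WEBSITE_HOST, VPN_HOST)
        )
    return result


if __name__ == "__main__":
    for endpoint, label in report().items():
        print(f"{endpoint:40} {label}")
```

If `myaccess.mydomain.com:443` still reports `user-portal`, the SSL VPN/User Portal port has not actually been moved (or the Virtual Webserver is not yet bound to 443); if it reports `unreachable`, the firewall rule in the question is not letting HTTPS through to the UTM.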