You are the go-to people for UTM 9 help. Well explained and thorough. Thanks again.
I'm glad you liked the video! :)
@G6TechnologyServices I realised that I am unable to browse when connected to VPN. I have selected ANY local networks. Any ideas mate?
If you're using the SSL remote access VPN, make sure VPN Pool (SSL) is in the allowed networks list in the DNS tab under Network Services. Make sure to turn on automatic firewall rules in the VPN profile or add a firewall rule for VPN Pool (SSL) -> Any -> Internet. Make sure to add a masquerading rule for VPN Pool (SSL) -> WAN (primary interface) in Network Protection -> NAT. Also check in Remote Access -> Advanced to make sure the UTM's IP is in the DNS server #1 box.
@G6TechnologyServices I was missing the masquerading rule, but now it works so so perfectly! Thanks again, saved me time.
I'm glad you got it working!
Thank you! This video is clear as can be. Recommended! Saved me a lot of time.
I'm glad the video helped you!
This video is so useful! You deserve more likes!
Thanks! Glad you liked the video!
@G6TechnologyServices Hi Sir, do you know how much the Sophos VPN business license is?
@G6TechnologyServices Hi Sir, I got the home license txt from Sophos, but when I uploaded it, it showed "Cannot use ASG software license on SG125 device." Do you know how I can solve it? I got the license from this link: secure2.sophos.com/en-us/products/free-tools/sophos-utm-home-edition/download.aspx
The license price depends on the hardware you are using. The license for the SG105 runs about $100 for a 3-year license. A distributor will be able to give you exact pricing.
The home license is not supported on the official hardware. Some people have reported success wiping the device and installing the software appliance ISO (asg) rather than the hardware license (ssi). Let me know if you get it to work. www.sophos.com/en-us/support/utm-downloads.aspx
Thank you very much for the video. I appreciate you going very in depth with how and what to configure on the Web Admin. I have a question: my company is currently using 3 different ISPs, with 3 different public IP addresses. When I've set up the remote access using SSL VPN and connect my machine to the company network, I can see in the logs that it tries to connect using ISP #2 public IP address. Is there a way for me to change it to, let's say, ISP #3 public IP address? Because from my understanding I can access the Web Admin using all 3 public IP addresses with the same port.
Yes, you can do that. In Remote Access > SSL > Settings, you should find that Interface address is set to Any. If you want to prohibit SSL VPN connections on the other WAN IP addresses, change this to the address you want to use for SSL VPN. If you set the interface to one IP, you won't be able to connect on the others. If you want to be able to connect to the SSL VPN from any of your public IPs, but prefer a specific one, leave it set to Any.
To make the SSL VPN client connect on a specific IP, create a public DNS record that points to the IP you want to use (like sslvpn.example.com), put that domain in the Override hostname box in Remote Access > SSL > Settings and re-export your SSL VPN config on your client devices. It should then connect to the IP specified in the new DNS record.
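A client-side check for the override-hostname setup described in the reply above, as an added example that is not part of the original comment thread: it reads the re-exported profile's `remote` lines and confirms the hostname resolves only to the intended WAN IP. It assumes the exported SSL VPN profile is an OpenVPN-style config; the function names, sample profile and IP addresses are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample of an exported OpenVPN-style profile (not from the thread).
SAMPLE_PROFILE = """client
dev tun
# stale entry left over from an older export
remote 198.51.100.20 443
remote sslvpn.example.com 443
"""

def parse_remotes(profile_text):
    """Return (host, port) per 'remote' directive; comment lines never match."""
    remotes = []
    for raw in profile_text.splitlines():
        parts = raw.split()
        if len(parts) >= 2 and parts[0] == "remote":
            remotes.append((parts[1], parts[2] if len(parts) > 2 else None))
    return remotes

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def system_resolve(host):
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_profile(profile_text, override_hostname, intended_ip, resolve=system_resolve):
    """Return findings; an empty list means every remote leads to intended_ip."""
    remotes = parse_remotes(profile_text)
    findings = [] if remotes else ["profile has no 'remote' directive"]
    for host, port in remotes:
        if is_ip(host):
            if host != intended_ip:
                findings.append(f"{host}:{port} is a hard-coded IP, not {intended_ip}")
            continue
        if host.lower() != override_hostname.lower():
            findings.append(f"{host} is not the override hostname; re-export the profile")
        try:
            addrs = resolve(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append(f"{host} does not resolve: {exc}")
            continue
        if addrs != [intended_ip]:
            findings.append(f"{host} resolves to {addrs}, expected only {intended_ip}")
    return findings
```

Pass a `resolve` callable to test against a fixed mapping; with the default, the check uses the system resolver of the machine it runs on, so run it on the client that will connect.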
I'm not able to connect other network devices to my network.
THANK YOU SO MUCH!!! You saved my day! Although I'm a little bit confused using local and public IP, I've still made it because of this video. ♥
You're welcome! I'm glad the video helped you! :)
Tried to connect using the Sophos client, unable to connect: DNS resolution failed for gateway. Please help.
Never mind, solved. Was a hostname issue.
Hi. I'm confused about the DNS setup. I would like to set up my internal server IP to make it a name for the user to type and not the server IP address every time they log in to the server.
Thanks in advance.
You would need to make a host type network definition and specify a DNS name. community.sophos.com/kb/en-us/119097
Hi,
What’s the procedure for adding User Groups via RADIUS client?
Also, the RADIUS server authentication process?
You can add a RADIUS server to UTM 9 in Definitions & Users > Authentication Services > Servers. After the RADIUS server is added, you can add the group in Definitions & Users > Users & Groups > Groups. Make sure to select Group type: Backend membership. Then you should be able to use that group in allowed users lists. You can also go to Definitions & Users > Authentication Services > Global Settings and check the box next to Create users automatically to be able to assign individual users without having to create them manually. A user object will be created for each user the first time they log in to a UTM service. Here is some extra information: community.sophos.com/kb/en-us/116144
I have done all those things but I cannot connect to any server, only the firewall. Where can the mistake be?
Try editing the SSL VPN profile and putting "Any" in Local Networks and check Automatic Firewall Rules. You may need to re-download the SSL VPN profile on the computer you are using.
Thank you! Very nice video... it's working great.
Great, I'm glad it helped you!
Hi, thanks for the video. I went through all the steps and elected to download the files for iOS. This however gives me a mobileconfig file which can't be imported to the OpenVPN App. How can I go about this? Thanks!
You need to use the last option: “Click here to install the SSL VPN configuration on your Android™ or iOS™ device.”
Thank you. Your video is so useful.
You're welcome! I'm glad you liked the video!
Can you forward me to the video where the UTM can be accessed from a different network by using the UTM external gateway IP? I am very new to this and I'm trying to access my home UTM from a friend's house without needing to connect to a VPN.
I'm not sure what you want to do exactly. Do you just want to access WebAdmin remotely or some computer inside your network? If you want to access WebAdmin, you would just go to [public-ip]:4444 and if you need to access an internal computer, you could use NAT (port forwarding) which you can set up by following this video: ruclips.net/video/0ArbUf-iYfQ/видео.html .
@G6TechnologyServices I tried accessing the WebAdmin from a different network by typing my public ip:4444 but it can't be reached. Is there something I should look at on the UTM to enable it or fix it?
Thanks for your time and quick response :)
Look in Management > Web Admin Settings > Allowed Networks and make sure Any is in there and press Apply.
Thanks from Germany :-)
You're welcome! I'm glad you liked the video! :)
Sir, I already remote into our network in my company using my laptop, but when I'm logged in to the SSL VPN using my ISP at my house and I browse YouTube on my laptop, I can't access it. What's the problem, sir? Thanks in advance.
There could be several things causing that. Make sure to have the SSL VPN profile set up with Any in Local Networks and automatic firewall rules enabled, then make sure there is a masquerading rule for "VPN Pool (SSL)". Also make sure to put a DNS server in Remote Access > Advanced.
I'd give you 10.000 likes if I could. Thanks for your video.
Thanks! I’m glad you liked the video!
Excellent !!!
Glad you liked the video!
I've installed the SSL certificate but it still says that it's not secure.
Try restarting the computer. Sometimes that is needed. What browser and operating system are you using?
@G6TechnologyServices I'm using Windows 10 and Chrome as the browser.
The certificate seems to be installed but it still says in the search bar that the website is not secure.
Oh and btw, do web protection filters apply to websites with HTTPS protocol or just HTTP? Because it's not working for me even when I set up a white list. But the tab "Application Control" in "Web protection" seems to be doing the trick.
If it still says it is not secure after restarting the computer, try to install the certificate again and make sure to select the correct certificate store. Web protection should apply to both HTTP and HTTPS traffic. Are you in standard or transparent mode for web protection? In the HTTPS tab of the Web Protection area, is it on URL filtering only?
@G6TechnologyServices It's on decrypt and scan, and yes, I've installed the HTTPS certificate.
I'm using it as a transparent proxy.
@G6TechnologyServices Oh wow.. Um. This is really weird but it's working now.
All I did was remove the firewall rule and the NAT rule, then make new ones with the same settings, and it's working now for some reason. That's so weird.
Anyways, thanks for your help.