
Sophos UTM Home Edition 5 – SSL VPN

August 6, 2015 By Ken Smith

The topic of today’s post is setting up an SSL VPN through the Sophos UTM Home Edition. The easy-to-use VPN solution was one of my primary reasons for pursuing this particular UTM in the first place, so I think it’s a topic well worth exploring. There are a variety of VPN options within the UTM; I’ll only be covering the SSL option here. If you are looking to set up a new UTM, start at the beginning and work your way back!

Setup

Remote Access Menu

The setup process is very simple. From the UTM dashboard, select “Remote Access” from the left-hand side of the screen.

The Remote Access Overview page is straightforward. It provides a quick snapshot of current remote sessions: usernames, real names, and IP addresses are shown for users currently logged into the VPN. There are a handful of different options at your disposal when implementing a VPN through the Sophos UTM. I would encourage you to explore each and figure out which best suits your needs. If this is for a home setup, the SSL VPN should suit all of your immediate needs. To start configuring your VPN, select that sub-option from the left-hand menu.

Remote Access Overview

On the SSL VPN page, select “+ New Remote Access Profile.” In the new frame that appears, select the users or groups you would like to grant access to the VPN; you can also create new users and groups by clicking on the “+”, which is a standard feature in Sophos, as we saw in the Definitions and Rules post last week. Next, choose the specific networks to which you would like to grant your users access. If you want the UTM to decide what firewall rules to establish around your new VPN, leave the check box marked. Otherwise, uncheck it, but don’t forget to revisit the “Network Protection” area of the Dashboard to set the rules yourself.

Add a new SSL VPN Access Profile

User Portal

User Portal under Management

Once your new profile is set, click on “Management” and then “User Portal” from the Dashboard. The User Portal is a web-accessible page hosted on the UTM that allows users to perform a variety of functions, including downloading the files necessary to install the SSL VPN client.

The “Allowed Networks” and “Allowed Users” tables in the “Global” tab allow you to keep access to the User Portal as locked down as you prefer. Since I am the only person in my household with any need to access the VPN, I tend to keep the User Portal as private as possible. I am the only user allowed, and after I have installed or updated the VPN client, I will usually simply turn off the User Portal by turning the switch in the upper right-hand corner of the page to “Off.”

User Portal Global Tab

The “Advanced” tab features additional options, including the ability to disable certain items on the User Portal. If you only plan to use the portal to facilitate use of the SSL VPN, check all boxes except for the Remote Access box.

User Portal Advanced Tab (1)

Scrolling a little farther down will give you the option to change the network settings of the User Portal. If you only intend the User Portal for external access, change your address to your WAN interface. I recommend changing your port to something non-standard for a bit of obscurity. Don’t forget to apply any changes you make.

User Portal Advanced Tab (2)


Notes

It’s worth noting that if your UTM is running out of your home, chances are pretty good that your ISP provides you a dynamic IP. In order to get to your User Portal (and VPN) from the Internet, you’ll have to know your public IP. DynDNS provides a relatively inexpensive method for managing this issue. I’m not going to explore setting up DynDNS within the UTM today, but it is a well-supported feature. The DynDNS options are available under DNS within the UTM’s options.
