SOPHOS UTM REMOTE ACCESS VPN PPTP CONFIGURING UTM AND CLIENT

A. Configuring UTM

  1. Defining a user account
    • Open Definitions & Users > Users & Groups > Users
    • Click the “New User” button
    • Make the following settings:
      • Username, Real name, Email address
      • Authentication: Remote Access PPTP supports the “local” and “RADIUS” authentication methods. With the “local” authentication method, you enter the password in two fields: Password and Repeat
    • Click “Save”
  2. Configuring PPTP settings
    • Open Remote Access > PPTP > Global tab
    • Enable PPTP

    • Make the following settings:
      • Authentication via: Select the authentication method (local or RADIUS)
      • Users and groups: When you use local authentication, select the users or groups that should be able to use PPTP remote access.
      • Assign IP addresses by:
        • IP address pool: the default range is 10.242.1.x/24; the network definition is called VPN Pool (PPTP).
        • DHCP server (DHCP server via interface)
    • Click Apply to save your settings
  3. Configuring advanced PPTP settings
    • Open Remote Access > PPTP > Advanced tab
    • Set the encryption strength: select 40-bit or 128-bit

    Note: You should always set encryption to Strong (128-bit) except when your network includes endpoints that cannot support this. Both sides of the connection must use the same encryption strength.

    • Click Apply to save your settings
    • Optionally, enable debug mode, then click Apply
  4. Defining Firewall Rules
    • Open Network Protection > Firewall > Rules tab
    • Click New Rule button

    • Make the following settings:
      • Sources: Add the remote host or user
      • Services: Add the allowed services
      • Destinations: Add the allowed networks
      • Action: Select Allow
    • Click Save
    • Enable the rule by clicking the status icon; the status icon turns green
  5. Masquerading Rules
    • Open Network Protection > NAT > Masquerading tab
    • Click New Masquerading Rule button

    • Make the following settings:
      • Network: Select network of the remote endpoint.
      • Interface: Select interface.
      • Use address: If the interface you selected has more than one IP address assigned, you can define here which IP address is to be used for masquerading
    • Click Save
    • Enable rule
    • Optionally, activate the proxies

B. Configuring the remote client

  1. Start your browser and open the User Portal. Log in to the User Portal, go to the Remote Access tab, and view the PPTP information.
  2. Configuring Windows Client
    • Click Start => Control Panel
    • In the Control Panel, click Network and Internet => Network and Sharing Center => Set up a new connection or network

    • Define the dial-up Internet connection

    • Click Next
    • Enter the hostname or the IP address of the gateway, then select “Allow other people to use this connection”

    • Click Next
    • Click Create

    • Right-click the new connection, select Properties, open the Security tab, and set the options as shown in the following picture:

    • Click OK
    • Open Network and enter the username and password; the connection shows Connected
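
The Windows client steps above can also be scripted. The following is an added example, not part of the original guide or of Sophos documentation. The connection name and gateway address are placeholders, and because the Security tab picture is not available here, MS-CHAP v2 authentication and maximum-strength encryption (to pair with "Strong (128-bit)" on the UTM) are assumptions.

```powershell
# Added example: create or update the PPTP connection from an elevated PowerShell prompt.
# All values below are placeholders or assumptions, not values from the guide.
$Name    = 'UTM-PPTP'            # hypothetical connection name
$Gateway = 'utm.example.com'     # placeholder: hostname or IP address of the UTM gateway

$settings = @{
    Name                 = $Name
    ServerAddress        = $Gateway
    TunnelType           = 'Pptp'
    AuthenticationMethod = 'MSChapv2'   # assumption: Security tab picture not available
    EncryptionLevel      = 'Maximum'    # assumption: pairs with Strong (128-bit) on the UTM
    AllUserConnection    = $true        # "Allow other people to use this connection"
}

# Update the profile if it already exists, otherwise create it.
$existing = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue
if ($existing) {
    Set-VpnConnection @settings -Force
} else {
    Add-VpnConnection @settings -Force
}

# Read the profile back and refuse to continue if it was saved with weaker settings,
# since both sides of the connection must use the same encryption strength.
$vpn = Get-VpnConnection -Name $Name -AllUserConnection
if ($vpn.TunnelType -ne 'Pptp') {
    throw "Connection '$Name' uses tunnel type $($vpn.TunnelType), expected Pptp."
}
if ($vpn.EncryptionLevel -ne 'Maximum') {
    throw "Connection '$Name' uses encryption level $($vpn.EncryptionLevel), expected Maximum."
}
if ($vpn.AuthenticationMethod -notcontains 'MSChapv2') {
    throw "Connection '$Name' does not offer MS-CHAP v2."
}

$vpn | Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

If the UTM is set to 40-bit encryption for legacy endpoints, the client profile has to be changed to match before the tunnel will come up.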

Done. Thank you!
