Sophos XG v18: How to configure Clientless VPN for outside users can connect SSH to Ubuntu Server

Overview

The article show how to configure Clientless VPN feature on the Sophos XG firewall device, a feature that helps users outside the system only need to use a web browser to VPN to the enterprise internal system and access the servers in the system without installing VPN agent

The article user HTML5 to access the server using the SSH service

Diagram

Network details

The WAN IP of the Sophos XG device has IP address 172.16.31.52 for clientless users to remotely access this IP

Ubuntu server has local IP 172.17.17.101/24, clientless user will SSH remotely

Configuration situation

The article configures to create a Clientless user so that user can use HTML5 to remotely access the Ubuntu server using SSH

Configuration steps

  • Create HTML5 Bookmark for RDP access to Ubuntu server
  • Create Clientless VPN
  • Implement remote access using Clientless
  • Result

How to configure

Create HTML5 Bookmark for RDP access to Ubuntu server

  • Go to VPN -> Choose Bookmarks -> Click Add
  • Enter name for bookmark
  • In Type: Choose SSH
  • In URL: Enter Ubuntu server’s IP address
  • In Port: Keep default port or another port that you want to use to access to Ubuntu server
  • In Username: Enter username that access to Ubuntu server
  • In Public host key: Enter SSH public host key
  • Click Save

How to get Public host key of Ubuntu server

  • Access to Ubuntu server by root
  • Go to cd /etc/ssh
  • Open ssh_host_rsa_key.pub file
  • Copy the entire file ssh_host_rsa_key.pub and copy it to the public host key

Create user

  • Go to Authentication -> Choose User -> Click Add
  • Enter name for user
  • Enter password
  • Click Save

Create Clientless Access VPN

  • Go to VPN -> Choose Clientless access -> Click Add
  • Enter name
  • In Policy members: Choose user which was created before
  • In Published bookmarks: Choose bookmarks which was created before
  • Click Save

Implement remote access using Clientless user

Result

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.