1. Installation
2. WebAdmin
3. Dashboard
4. Management
4.1 System Settings
4.1.1
4.2 WebAdmin Settings
4.2.1 General
- WebAdmin Language
- Leave this as English
- WebAdmin Access Control
-
Currently set superadmins to admin, dnh,
ajh. I have changed the Allowed Networks to Internal
(Network) for added security.
4.2.2 Access Control
No changes to these settings (AUDITOR and READONLY)
4.2.3 HTTPS Certificate
No changes to these settings
4.2.4 RESTful API
No changes to these settings
4.2.5 User Preferences
Increased the table pager items to 25
4.2.6 Advanced
No changes
4.3 Licensing
No changes
4.4 Up2Date
No changes
4.5 Backup/Restore
More reading on this section required
4.6 User Portal
5. Local Fixes
Fix the "hairpin" bug
The "hairpin" bug is a "feature" of router efficiency - when
an external address that maps (externally) back to a local
network object, the router recognizes this, and changes the
from address to the local object (rather than the externally
recognized address). When the server tries to respond to
this, it uses the supplied address, which is not recognized
externally, and consequently returns a "server not responding"
message. The following steps will rectify this.
These steps are taken from the Sophos Community Knowledge Base.
1. Browse to Network Protection | NAT | NAT.
2. Click New NAT rule...
3. Under Position, change the number such that it is the same as your existing DNAT rule.
This will cause the new rule to be immediately above the existing rule.
If the Full-NAT rule is below the DNAT rule, the DNAT rule will apply instead, and the Full-NAT rule will not work.
4. Change Rule Type to Full NAT (Source + Destination).
5. Under For traffic from, choose your affected internal network.
For example: Internal (LAN) (Network)
6. Under Use service, choose the appropriate service or group of services (eg. HTTP, HTTPS, etc).
7. Under Going to, choose the external address of the server to be forwarded.
For example: External (WAN) (Address)
8. Under Change the destination to, choose the internal address of the server.
9. Under Change the source to, choose your UTM's internal address object for the appropriate internal network.
For example: Internal (LAN) (Address)
10. Ensure Automatic Firewall rule is checked. Otherwise, ensure you create the appropriate firewall objects.
11. Click Save.
12. Activate the new Full-NAT object.
