SSL VPN Sophos UTM with inWebo LDAP integration

Prerequisites:

  • Sophos UTM

  • inWebo LDAP Proxy

  • Service account used to query the LDAP server

  • inWebo account

Note: The following configuration and screenshots are based on Sophos UTM 9.5

Install inWebo LDAP proxy

To install the inWebo LDAP Proxy, go to:

https://inwebo.atlassian.net/wiki/spaces/DOCS/pages/1426751507/inWebo+LDAP+Proxy+installation+and+configuration+V1.1.0 and follow the steps.

Configure LDAP Authentication Server with inWebo LDAP Proxy

  1. Navigate to Definitions & Users > Authentication Services > Servers tab

  2. Click + New Authentication Server

  3. Fill in the parameters as shown below:

    1. Backend: LDAP

    2. Position: Top (after saving this form it becomes 1)

    3. Server: Define inWebo LDAP Proxy Server

      • Name: Define a name for the inWebo LDAP Proxy

      • Type: Host

      • IPv4 address: enter the IP address of the inWebo LDAP proxy

      • Click on Save

    4. Port: LDAP proxy port

    5. Bind DN: service account authorized to query the LDAP server

    6. Password: password associated with the service account

    7. User attribute: CN (Common Name)

    8. Base DN: this is the entry point in your domain for performing user and group lookups

  4. Click on Save

At this point, you can test your settings by filling in the "Username" and "Password" fields with an LDAP user account that is also registered at inWebo, and then clicking "Test".
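The "Test" button exercises the same LDAPv3 simple bind that the UTM will perform with the Bind DN and Password entered above. The following added script (not part of this guide or of the inWebo/Sophos products) reproduces that bind from any host with Python 3 and no extra libraries, so the proxy address, port and service account can be checked before the UTM is pointed at them; the host name, port and DNs in the `__main__` block are placeholders to replace with your own values.

```python
import socket

def ber(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a BER TLV (definite length, short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPv3 simple BindRequest (RFC 4511 4.2): the operation the UTM performs
    with the configured Bind DN / Password when you click 'Test'."""
    op = ber(0x60,                              # [APPLICATION 0] BindRequest
             ber(0x02, b"\x03")                 # version 3
             + ber(0x04, bind_dn.encode())      # name: the service account DN
             + ber(0x80, password.encode()))    # [0] simple authentication
    return ber(0x30, ber(0x02, bytes([msg_id])) + op)   # LDAPMessage

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                               # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def bind_result_code(resp: bytes) -> int:
    """resultCode of a BindResponse: 0 success, 49 invalidCredentials,
    32 noSuchObject (usually a mistyped Bind DN)."""
    _, msg, _ = read_tlv(resp)                  # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)                   # skip messageID
    tag, body, _ = read_tlv(msg, pos)           # [APPLICATION 1] BindResponse
    if tag != 0x61:
        raise ValueError("not a BindResponse, tag 0x%02x" % tag)
    _, code, _ = read_tlv(body)                 # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def check_proxy_bind(host: str, port: int, bind_dn: str, password: str) -> int:
    """Plain LDAP session to the proxy; returns the bind resultCode. Simple bind
    sends the password in clear, so run this only from the UTM's own segment."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(bind_request(1, bind_dn, password))
        return bind_result_code(sock.recv(4096))

if __name__ == "__main__":  # placeholder host, port and DN: replace with your own values
    print(check_proxy_bind("ldap-proxy.example.internal", 389,
                           "cn=svc-utm,dc=example,dc=com", "CHANGE-ME"))
```

A result of 0 means the proxy accepted the service account; 49 or 32 point at the Password or Bind DN fields respectively, and a connection timeout points at the Server/Port definition or a firewall rule in between.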

Activate User Portal

  1. Navigate to Management > User Portal > Global tab

  2. In the "Allowed Networks" section, click "+" to specify which networks are authorized to access the End-User Portal

  3. Click on Apply

Configure the Sophos UTM End-User Portal with inWebo

  1. Navigate to Definitions & Users > Authentication Services > Global Settings tab

  2. Enable "Create users automatically" in the Automatic User Creation section and click Apply

  3. Enable End-User Portal in the "Automatic User Creation for facilities" section and click Apply

Configure SSL VPN to use inWebo

  1. Navigate to Remote Access > SSL > Profile

  2. Click on New Remote Access Profile

  3. Make the following settings:

    1. Define a profile name

    2. Users and Groups: LDAP Users

    3. Local Networks: Add the local networks which should be accessible for the selected SSL clients via the SSL VPN tunnel

  4. Click on Save

Setup SSL VPN client in Windows environment

  1. Log in with a user account via the Sophos UTM User Portal

  2. Navigate to the Remote Access tab

  3. Download and install the client package

Testing inWebo LDAP proxy authentication with the End-User Portal

  1. Login: Enter an LDAP user account which is also registered at inWebo

  2. Password: Enter the associated password

  3. Click on Connection

  4. Click on Push notification from your enrolled mobile phone

  5. Enter your PIN Code

  6. Click on Accept

LDAP inWebo authentication test with the SOPHOS SSL VPN client

  1. Connect the SSL VPN with an inWebo user account

  2. Enter the password associated with this account

  3. Click on OK

  4. Click on Push notification from your enrolled mobile phone

  5. Enter your PIN Code

  6. Click on Accept