Sophos SSL VPN and Heartbeat - it takes some time to connect

Hello together,

I implemented Sophos SSL Split-Tunnel VPN for clients with Endpoint Protection installed, with heartbeat rules to require a green heartbeat for connectivity to our company network. Unfortunately, it sometimes takes even a few minutes (in most cases 10-20 seconds) until Endpoint Protection seems to send a heartbeat signal through the SSL VPN, and in the meantime the user cannot connect to our internal company resources.

So in general it is working, but we are getting many incidents from our users where they tell us the VPN would not connect properly because they eventually need to wait too long for their heartbeat signal.

This is the guide I followed: support.sophos.com/.../KB-000038254

Is there a way to launch a script directly after SSL VPN connected successfully and trigger such a heartbeat signal from our Endpoint Client?

We need such a script also for triggering gpupdate /force to map our network drives for the user so if anyone has experience with post connect scripts, I very much appreciate your assistance.

Kind regards,

David

  • Update:

    I found a post showing options to run "post connect" scripts when you place a *_up.bat in the config-directory.

    https://community.sophos.com/utm-firewall/f/vpn-site-to-site-and-remote-access/53429/run-script-on-client-after-successful-connection/194110#194110

    This is ALMOST working. I have the following two issues:

    1) The script should (for now) just execute gpupdate /force and it apparently does. However, the script is executed BEFORE the tunnel is completely up and running AND has only 15 seconds until an error message appears: "Connectscript failed. Aborted after 15 seconds."

    After clicking OK, the VPN icon finally switches from yellow to green, but that won't help me when trying to do a gpupdate, since during script execution the VPN tunnel is NOT up and thus our domain controllers are OF COURSE unreachable.

    2) Additionally, gpupdate /force will always take more than 15 seconds to complete. Does that mean we are definitely unable to use this command in the "post connect script", or is there a way to remove this timeout or at least increase it dramatically?
