Intercept x with EDR VPN Issue

Hey there,

we have a problem with the VPN clients, with Sophos.

this VPN client is Juniper Pulse Secure Client. But we also have a client from NCP Secure Entry Client, but this case only occurred with the Pulse .. client, which is why we had to uninstall Sophos again.

Problem Description: if the VPN client is switched on, the Internet is cut off from the PC with Sophos. We did a cross test by turning off Sophos, after which the internet was back. also backwards. Unfortunately, we were unable to switch off various individual options and then switch the Internet back on.

Could you please help us with this? 

has anyone ever had problems with VPN connections?
Which settings do I have to make?

thanks for your help

Vicky
Parents
  • HI Vicky,

    Does the vpn error out or do you just not get any data when requesting a website? Is it a split tunnel? Does all network traffic stop or just stuff to the other end of the vpn?

    RichardP

    Snr. New Product Introduction Engineer | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Richard,

    I'm the user of the affected PC. Let me try to explain: Everything is working well with the Sophos Client installed as long as I don't open and connect the Pulse Secure Client. After launching and connecting the Pulse Secure Client, I can ping other network ressources i.e. our internal router or a webservice, but I'm not able to open any website, including internal ones like the router or Jira, Confluence, etc... The requests simply timeout. I only can access Websites if I then disable all services of the Sophos Client. I was not able to test, which one causes the problem or if it is related to a single component. What I'm not really happy with is, that the Sophos Client seems to block something, but doesn't log anything anywhere. I would expect to see something related to that at least in the central alert for example. So for now I worked around this issue by uninstalling the Sophos Client. The good thing is: This seems to be a very special issue related to Pulse Secure VPN, so none of our customers should be affected. Slight smile

    Thank you for your support!

    Best,

     Markus

  • In the Threat protection policy that is applied to the computer/user, if you disable:

    • Scan downloads in progress
    • Block access to malicious websites

    Then in the Web Control policy if enabled, disable that.

    I assume everything then works. You will need to close all browser processes down.

    Another option might be, does Pulse secure give you the option to use a legacy non-WFP driver?  

    I suspect this is a WFP conflict.

  • https://docs.pulsesecure.net/WebHelp/PDC/9.1R5/pdc-admin-guide/Overview/Overview.htm

    Details that you might be able to configure it to use TDI rather than WFP.  You could possibly try this mode with the above 3 Sophos features re-enabled to see if that works in combination.

Reply Children
No Data