
Sophos UTM - VPN Always on

Hello,


I would like to install "VPN Always On" on the clients. Is there a solution for Sophos UTM? I have seen PaloAlto's solution and the client automatically creates the connection and detects whether you are in the internal or external network.

Best regards



This thread was automatically locked due to age.
  • Hi,

    Isn't there a solution from Sophos?

    Best regards

  • Hallo,

    I've never heard of Palo Alto's offering.  I was aware of Microsoft's, but haven't touched it.  What "opportunity" do you have that made the Palo Alto solution attractive to you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    PaloAlto simply has this cool feature that the VPN client is constantly connected to the firewall (VPN Always On is activated). It would be cool if you could tell the client to be constantly connected, which is very difficult with the current client. Is there another client?

    Best regards

  • I still don't understand what problem you're trying to solve.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

    Thank you so much for your feedback. Ok, let me try again to sum it up.

    Objective: The clients should always be connected to the head office via VPN, no matter if you work from home or on the road. The employee should no longer have to log in; the client does this via certificate, or the passwords are stored (not clear text), so that the client is constantly connected. In case of interruptions, the VPN must be automatically reestablished.

    Current situation:
    With the current SSL VPN or IPSec, the employee must always dial in.

    Question:
    1. Is there such a client that it sees that one is constantly connected? (VPN Always on)
    2. Which technology can be used to build such a scenario? (IPSec or SSL VPN)

    Thank you very much for your feedback - I hope I could summarize it so that it is clear.

    Best regards

  • Yes, with the OpenVPN client, the username and password are stored in a plain text file for auto-logon.  10 years ago, Sascha Paris copied info here about the three scripts that can be run by the client.  There's OpenVPN Client: Autorun and autoconnect with instructions on how to have the Windows Task Scheduler start the client at logon.   If there's an interruption to the connection, I don't know of a way to reconnect automatically - only manually, but that's just a right-click and two left-clicks of a mouse.  Someone with a talent for writing Windows batch files could probably make one that pings an internal device and reconnects when the ping isn't successful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
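
A PowerShell version of the ping-and-reconnect watchdog the reply above describes (added example, not code from the thread or from Sophos): it probes an internal host and re-issues the connection only after several probes in a row fail, logging each event. The probe address, profile name, install path and an OpenVPN GUI build that accepts `--command` are assumptions; the client bundled with the UTM may not support that option.

```powershell
# VPN watchdog (added example). Every value in this block is a placeholder/assumption.
$ProbeHost   = '10.0.0.10'   # internal device that answers ping only via the tunnel or office LAN
$ConfigName  = 'office'      # OpenVPN profile name (office.ovpn), no spaces
$GuiExe      = 'C:\Program Files\OpenVPN\bin\openvpn-gui.exe'  # assumed install path
$IntervalSec = 30            # seconds between probes
$MaxFailures = 3             # consecutive failed probes before acting
$BackoffSec  = 60            # pause after a reconnect so the tunnel can come up
$LogFile     = Join-Path $env:LOCALAPPDATA 'vpn-watchdog.log'

function Write-Log([string]$Message) {
    # Timestamped line per event, so drops and reconnects can be reviewed later
    Add-Content -Path $LogFile -Value ('{0} {1}' -f (Get-Date -Format 's'), $Message)
}

function Test-Tunnel {
    # -Quiet returns $true as soon as one of the echo requests is answered
    Test-Connection -ComputerName $ProbeHost -Count 2 -Quiet
}

function Restart-Vpn {
    # Assumes a running OpenVPN GUI instance that understands --command.
    # Disconnect first: a half-dead session is torn down, an already
    # disconnected profile is unaffected, then the profile is connected again.
    Start-Process -FilePath $GuiExe -ArgumentList '--command', 'disconnect', $ConfigName -Wait
    Start-Sleep -Seconds 5
    Start-Process -FilePath $GuiExe -ArgumentList '--command', 'connect', $ConfigName -Wait
}

$failures = 0
while ($true) {
    if (Test-Tunnel) {
        if ($failures -gt 0) { Write-Log "probe recovered after $failures failure(s)" }
        $failures = 0
    } else {
        $failures++
        Write-Log "probe to $ProbeHost failed ($failures/$MaxFailures)"
        if ($failures -ge $MaxFailures) {
            Write-Log "reconnecting profile '$ConfigName'"
            Restart-Vpn
            $failures = 0
            Start-Sleep -Seconds $BackoffSec   # avoid a tight reconnect loop
        }
    }
    Start-Sleep -Seconds $IntervalSec
}
```

Because the probe also succeeds when the machine sits on the office LAN, the watchdog leaves the client alone there. It can be started at logon by the same Task Scheduler mechanism the reply mentions.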
  • Hi

    Thanks for the feedback. This is exactly what is cool about the PaloAlto Client - it ensures that the client is always connected via VPN and can also distinguish whether it is in the internal network or on the road. On the other hand, it intervenes immediately if the Internet connection is interrupted and restores the VPN tunnel.

    Best regards