Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
I have Sophos XG210 (SFOS 17.1.3 MR-3) with WAN1 and WAN2 interfaces. Both WAN1 and WAN2 belong to zone WAN. WAN1 is much faster then WAN2 and I'd like to know if there's any way to force SSL VPN users go through WAN1 only when accessing our internal resorces without dropping packets for WAN2?
you'll need to edit the SSL VPN Config File (.ovpn) and remove all the line with remote X.X.X.X except the line with the remote Wan1IP
You can also change the IP/Hostname that you would like to connect, but the downside is not been able to connect if the defined link is down (if configured by IP). You can workaround by using a DDNS. If the WAN definied went down, you change the DDNS to connect in another WAN.
Change VPN Settings:
Before the changes:
After override IP:
After override DDNS:
In reply to rafaelmicrotron:
This does work if you want to use a single IP or host name, but if you'd like to leave multiple entries in the configuration file, you can't edit that list. It's either a random order of all interface IPs, which seems like a dumb default, or it's the one host name you configure. This needs to be customizable incl. the order of interfaces to put in the config file imo.
To resolve this issue via edit your SSL VPN config File (.ovon) And you have to remove all the remote IP except the IP of wan 1.
The second method to do that via changing IP/Hostname
you also need to change VPN settings And DDNS:
Hope this will help you