Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
So far I have found the documentation lacking for setting up the new VPN client that comes with 17.5. Specifically in regards to the internal and external ID and what thats for. I am also wondering with the IP range? Does it create the DCHP pool automatically?
It would be great if there was a walkthrough on setup or if there were any more details. But I can't find any.
I have the same problem it don´t works, my SSL VPN works fine.. i have make with then :
I can connect it after but i don´t see any thing, no intern websites or any another website so i think it ist a problem of the dns
In reply to Floiran Lentz:
Same here Seems the document is less than helpfull
In reply to MarkMurphy:
Yeah, I was using that too. The docs are less than helpful on what the IDs are supposed to be. It would be nice if Sophos would give a better walkthrough, would love to use this over the SSL vpn.
In reply to Brian Hawkins:
The Sophos Connect Client is in EAP.
Here is an Guide:
Plus this :
The current V17.5 simply renamed the old Cisco VPN tab.
So basically everything is used like before.
In reply to LuCar Toni:
Yes this basically was sure, but is don't work!
I have Connection to my Sophos but i don't can ping any Host!
The section that talks about an IP pool for client and is not real clear, From what I understand, and correct me if I am wrong, you assign in the pool a few address from the Firewall Local LAN network so that when you connect you can access that network. Anyway I tried it both ways, assigned it at IP from Firewall LAN and made IP address from another network and nether one allowed me to access the internal LAN.
Both times I was able to connect but could not ping or connect to any devices in the LAN, Are there firewall rules or some other configuration to is needed?
I got mine working, after it was explained that it was a Cisco VPN. I assigned a random IP from the class b network. And then my firewall rules for VPN worked just fine. I am able to use the sophos client to connect my Mac to the XG. I will start rolling this out to the test group, hopefully its faster than the SSL vpn connection were currently using.
Can you post a acreenshot af the fw rule and connect client setup page?
I must be missing something out, as I cannot get any traffic through the tunnel at all, it's like it's not being routed at all.
Connection works fine, traffic counters just remain at 0 :-(
In reply to twister5800:
Here is my setup.
Sophos connect tab
This is the FireWall Rule Zone VPN to my other Zones and WAN (Since its full tunnel)
I set this up on our LAB XG and didn't even need a firewall rule to allow the connect clients access to the LAN. I only have a single firewall rule, default LAN to WAN. I created a small subnet range (different from the internal LAN) within the connect client setup. I see you guys created firewall rules, is that to restrict access?
In reply to Chip Barnett:
I have that rule in place to allow access to the different vlans for the SSL VPN assumed that same VPN rule was being used by Client Connect.
Grab the updated installer v1.1 came out last night.
Also for those wanting to restrict access to certain subnets / networks you can do this by modifying the TGB file with the admin tool.
LuCar Toni Linked it earlier:
I did this and then pushed the Sophos Connect MSI and TGB file out via PDQ to all my VPN users. So far it's been solid.
I find it easier to manage than SSL-VPN due to the certificate per user issue.
In reply to M8ey:
Little sneak peek.. Check out the installation directory on windows. There is something called sccli.exe
Open this with Cmd --help :)
add options: -f, --file PATH Adds the connection from the specified path. -d, --data Send the file data instead of the file path. -n, --name NAME The user-friendly name of the connection. If this option is omitted, the name will be determined automatically. -a, --auto Automatically enable the connection. (TBD) -V, --verbose Show verbose messages. -H, --help Show help for the add command.
* The add command will fail in environments where policy does not allow unmanaged connections to be used. * If the add command is successful, the connection's name will be written to the command line. This name is used in other command line options. * If the auto option is omitted, the connection may still automatically be enabled based on the settings in the connection file.
Thanks for this. Mine was made that way also, just with PSK, but nonetheless, the same.
Haven't had the time to fiddle with it, until today, so instaleld the new version, and boom, it all worked :-D
Hooray and merry x-mas ;)