I am looking for a firewall to sell to my customers instead of Kerio Control. XG Firewall caught my eye, so I got to testing the device. Some features I like, some I don't like … well, that is what it is and I have to deal with it.
As I understand XG Firewall, there are two documented ways to connect a VPN client to the server.
The first of them is "SSL VPN". It works OK. But there is the problem that the provided SSL client asks for user credentials every time it connects. Also, it keeps disconnecting when there is no activity, as I understand the settings. I was told by support people that asking for credentials is a security feature and that it makes the whole thing safer. My opinion is that I turned on and unlocked an encrypted laptop, so writing the password again doesn't make much sense. The second problem I ran into was that the SSL VPN client was able to reach the XG ports, IPs and the networks behind them, as it is supposed to. But I need to reach from the server to the client - the opposite way. I was not able to do that, but I might have misconfigured the device.
The second way is "Sophos Connect". It looks like IPsec. I was told by support people that it is kind of beta, so they don't recommend commercial use or relying on it for business. Also, the configuration looks complicated, as there are actually two apps to set up a client connection (Sophos Connect and Sophos Connect Admin … crazy). So I don't know.
I see a lot of suggestions on the internet, like tweaking the registry to get the "SSL VPN" to connect automatically, or using some kind of third-party VPN client instead of the documented ones. I don't feel like betting my business on that. I want Sophos to say that there is a solution to go with.
Long story short: I am looking for the functionality the "Kerio Control Client" has. An easy-to-install app with simple settings (server, user, password). I strongly require automatic start of the app after the computer boots, and automatic login to the server with no questions asked. I also require being able to access the client's computer by the VPN client's IP. Kerio does that, and my customers are used to it. Can Sophos XG do that? It must be a Sophos-proven solution.
Thank you very much. With best regards, Pavel
Hi Pavel Vanek, Support has provided correct information regarding SSL VPN and Sophos Connect Client. They are developed keeping security measures as a primary concern. I would request you to submit your idea at https://ideas.sophos.com/ and the concerned team will look into it.
In reply to Keyur:
I don't believe that anybody wants to hear ideas here ... . The result for us is that the XG firewall is not suitable for our clients, mainly due to the VPN clients.
With the SSL client, customers don't accept an SSL client with no autologin feature, as the security is good enough provided the laptops are encrypted so nobody can access the OS unnoticed.
Sophos Connect Client proved not to be stable. There are multiple issues I got randomly during the period I tested it.
In reply to Pavel Vanek:
Hi Pavel Vanek, sorry for the inconvenience caused. I would request you to open a support case for the issue with Sophos Connect Client.
The thing is that at this price range my customers require great working condition. To open a support case just to make a VPN client work is not suitable for my business. I don't have people to do beta testing. How would I install 100 of them when even the first one fails? And the troubles around ... .
I quite like XG, but for us it fails on VPN access.
The decision stands, and it states that we turn one more year with Kerio, watching how Sophos will do.
Thanks anyway. Pavel
You can try a simple solution for automatic connection/login to SSL VPN on XG: the free OpenVPN client plus a modification of the .ovpn script. You can install the free OpenVPN program on a Windows computer, configure SSL VPN on XG, download the ovpn script from the XG portal (the option for Android), and modify the ovpn script by editing the command: auth-user-pass password.txt. Then create the password.txt file with the login data and copy both files (ovpn and txt) to the appropriate "config" directory of the OpenVPN program. "OpenVPNservice" should be configured to start automatically with Windows, and the rest is done by the ovpn script after restart. The downside of the solution is that the login data are saved in open text.
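The last post's caveat is that the login data ends up in open text on every laptop. As an added example (not part of the original thread, and not Sophos or OpenVPN code), this Python script inventories which .ovpn profiles in a config directory use the `auth-user-pass <file>` form, so an administrator knows where stored passwords live. The function names and sample profiles are constructed, and it assumes, as in the post, that a relative credential file sits beside the profile.

```python
import shlex
import tempfile
from pathlib import Path

def credential_file(ovpn_text):
    """Return the file named by an `auth-user-pass <file>` line, else None."""
    inline_tag = None  # inside <ca>...</ca> style blocks the lines are key data
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if inline_tag:
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":  # blank line or commented-out directive
            continue
        if line[0] == "<" and line[-1] == ">" and line[1] != "/":
            inline_tag = line[1:-1]
            continue
        try:
            words = shlex.split(line, comments=True)  # handles quoted paths
        except ValueError:  # unbalanced quote: not a line we can judge
            continue
        if len(words) >= 2 and words[0] == "auth-user-pass":
            return words[1]  # the bare form (interactive prompt) has no words[1]
    return None

def audit_config_dir(config_dir):
    """List (profile name, credential path, file exists) for stored-password profiles."""
    findings = []
    for profile in sorted(Path(config_dir).glob("*.ovpn")):
        name = credential_file(profile.read_text(errors="replace"))
        if name:
            cred = profile.parent / name  # assumption: file sits beside the profile
            findings.append((profile.name, cred, cred.is_file()))
    return findings

if __name__ == "__main__":
    # Constructed sample: one profile edited as in the post, one left prompting.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "office.ovpn").write_text(
            "client\nremote vpn.example.test 8443\nauth-user-pass password.txt\n")
        Path(d, "prompt.ovpn").write_text(
            "client\n# auth-user-pass password.txt\nauth-user-pass\n")
        Path(d, "password.txt").write_text("user\nsecret\n")
        for name, cred, present in audit_config_dir(d):
            print(f"{name}: stored credentials in {cred} (present={present})")
```

Each file it reports is worth checking for who can read it, since anyone with read access to that file has the VPN login.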