In the OpenVPN client, you can set the minimum required TLS version. When I set that to 1.2, I get an error when connecting to the Sophos XG because the server does not support it.
Only when I set the minimal level to 1.0 do I get a successful connection.
What do I need to do to set the VPN to use TLS 1.2?
Hi Pieter van Kampen, I would request you to check the URL: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/19662466-tls-1-2-support-for-ssl-vpn Please vote to prioritize the feature.
In reply to Keyur:
That is from 2017! I would hope that a security product such as the XG does not continue to rely on known insecure protocols. It makes you wonder whether this is a viable future product.
In reply to Pieter van Kampen:
Hi Pieter van Kampen, I understand your point and I will forward your feedback to the concerned team to make the feature available as soon as possible.
Hi Pieter van Kampen
I would advise you to review this community post for more detail on this topic: https://community.sophos.com/products/xg-firewall/f/vpn/105223/how-can-i-change-the-ssl-vpn-control-channel-to-be-tls-1-2
Please review the answer posted by Aditya Patel.
In reply to H_Patel:
Hi, from that, I understand I need to go to V18 as my XG 105 is still on V17.x. However, I now see that this does not work on "Older" models XG 105. I bought this in June 2018 and my first license has not expired yet, but it is already EOL? Do you have an upgrade offer?
We do not have plans, for now, to introduce this in V17.5. We have targeted the introduction in V18 MR1-1. If your appliance does not have 4GB, then you are not eligible for V18.
You may coordinate with our sales team and your local vendor for any offers pertaining to hardware upgrades (if available).
In reply to Aditya Patel:
17.5 is not EOL and Sophos should back port this from 18 to 17.5.
I don't think he needs to contact Sophos sales to fix a security issue of a supported version of Sophos XG.
In reply to l0rdraiden:
I agree, but they haven't solved this for three years now, so I won't be in contact with sales and draw my conclusions.
I have also just replaced our old firewall (a Juniper series) with the XG 430 Sophos, believing it would be good, and just received our first PCI and was completely surprised at the results. So, from reading above, am I correct to assume that upgrading to v18 will fix the TLS 1.0 issue?
In reply to Network Inter-State:
You are correct. And you should be able to upgrade, as the XG 430 has enough RAM. It is an issue at the lower end.