Hi XG Community!
We're pleased to announce the public Early Access Program release of Sophos Connect 1.1!
The VPN Client is now available from within the WebAdmin of your XG Firewall.
What's New in EAP Sophos Connect 1.1
Auto connect on changes to Network Connectivity
Sophos Connect will automatically determine if the user is connected to an inside or outside (guest) network. If on the guest network, then the VPN tunnel is automatically enabled with saved user credentials if available or else prompt the user for credentials or OTP.
Notifications and Error reporting
Display popup notifications and change the Sophos Connect ICON app state (normal, warning or error) to alert the user when the tunnel is established, disabled or fails to connect.
Dead-peer-detection (DPD)
DPD mechanism is used by Sophos Connect when there is unidirectional traffic. When Sophos Connect does not receive response from the gateway for configured dpd delay duration, it will send a R-U-There message to the gateway. If the gateway does not respond to these messages then after dpd timeout (currently configured to 200 seconds), it will delete the VPN tunnel and reinitiate to build a new VPN tunnel. This mechanism automatically rebuilds the tunnel after a gateway reboots while the VPN tunnel with Sophos Connect was active.
Upgraded to latest strongSwan
Upgrade to the current stable release (5.7.1) of strongSwan.
DNS Suffix option for auto-connect
Configure DNS suffix to determine if the Sophos Connect user is on the inside or guest network. Prior to this release the admin could configure a host IP address or a FQDN.
A feature is not working as expected? You have found a bug?
[Update] Sophos Connect EAP is now officially supported starting with v1.1 MR-1. Please contact Sophos Support if you experience any issues.
We have also created this new community group for Sophos Connect discussion.
Issues Resolved
- NC-31831 [Remote Access] DPD delay and DPD timeout were not used
- NC-37910 [Remote Access] Add handler to generate crash dump file on Windows
- NC-38332 [Remote Access] Telemetry data can't be sent when telemetry host IP resolves to IPv6
- NC-38440 [Remote Access] Generating a large number of error events instead of a single "No network error"
- NC-38933 [Remote Access] [MAC Only] Tunnel All VPN tunnel is not getting terminated when network connectivity drops
- NC-39042 [Remote Access] Monitor active SA statistics in the SC engine
- NC-39373 [Remote Access] Conflict between Sophos Connect and Sophos SSL VPN Client
- NC-39660 [Remote Access] Rekey time freezes to zero seconds when same username is used to establish tunnel from different SC endpoints
- NC-40455 [Remote Access] Rename TAP-Windows Adapter V9 to Sophos TAP adapter