Hi XG Community!

We're pleased to announce the public Early Access Program release of Sophos Connect 1.1!
The VPN Client is now available from within the WebAdmin of your XG Firewall.

What's New in EAP Sophos Connect 1.1

Auto connect on changes to Network Connectivity

Sophos Connect will automatically determine if the user is connected to an inside or outside (guest) network. If the user is on the guest network, the VPN tunnel is automatically enabled with saved user credentials if available; otherwise the user is prompted for credentials or OTP.

Notifications and Error reporting

Display popup notifications and change the Sophos Connect ICON app state (normal, warning or error) to alert the user when the tunnel is established, disabled or fails to connect.

Dead-peer-detection (DPD)

The DPD mechanism is used by Sophos Connect when there is unidirectional traffic. When Sophos Connect does not receive a response from the gateway for the configured DPD delay duration, it sends an R-U-There message to the gateway. If the gateway does not respond to these messages, then after the DPD timeout (currently configured to 200 seconds) it deletes the VPN tunnel and reinitiates to build a new VPN tunnel. This mechanism automatically rebuilds the tunnel after a gateway reboots while the VPN tunnel with Sophos Connect was active.

Upgraded to latest strongSwan

Upgrade to the current stable release (5.7.1) of strongSwan.

DNS Suffix option for auto-connect

Configure DNS suffix to determine if the Sophos Connect user is on the inside or guest network. Prior to this release the admin could configure a host IP address or a FQDN.

A feature is not working as expected? You have found a bug?

[Update] Sophos Connect EAP is now officially supported starting with v1.1 MR-1. Please contact Sophos Support if you experience any issues.

We have also created this new community group for Sophos Connect discussion.

Issues Resolved

  • NC-31831 [Remote Access] DPD delay and DPD timeout were not used
  • NC-37910 [Remote Access] Add handler to generate crash dump file on Windows
  • NC-38332 [Remote Access] Telemetry data can't be sent when telemetry host IP resolves to IPv6
  • NC-38440 [Remote Access] Generating a large number of error events instead of a single "No network error"
  • NC-38933 [Remote Access] [MAC Only] Tunnel All VPN tunnel is not getting terminated when network connectivity drops
  • NC-39042 [Remote Access] Monitor active SA statistics in the SC engine
  • NC-39373 [Remote Access] Conflict between Sophos Connect and Sophos SSL VPN Client
  • NC-39660 [Remote Access] Rekey time freezes to zero seconds when same username is used to establish tunnel from different SC endpoints
  • NC-40455 [Remote Access] Rename TAP-Windows Adapter V9 to Sophos TAP adapter

  • As a workaround, you can manually configure the DNS settings on the interface, but it is not ideal.

  • Not liking that this EAP was released through Pattern Updates, so any bugs that I raise are technically not supported by Sophos Support. EAPs should be manual opt in, not automatic opt in. The Pattern Version should be like RED and AP firmware where you have to manually interact with the GUI to update it, and the EAP versions should clearly say "BETA" on them. I am going to raise my cases nonetheless as well as raise the automatic update to an EAP as a bug.

    I am currently raising a case that DNS is not being provisioned when connecting in either split or full tunnel. This is synonymous with issue.

  • The download from the 17.5 firmware is showing Sophos Connect Version 1.0.49.1016. Where can we get 1.1?

    The Sophos Connect Client has great possibility, but the Client is not setting the DNS server values. Logs were sent to VIP Support, but they pointed me back here.

    The client is not getting the DNS settings as specified on the XG interface; here's part of the log, showing DNS is failing to be set. It is the DNS in the XG GUI settings for the Connect Client.

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Adding DNS server 192.168.117.11 to the TAP adapter

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> 192.168.117.11 not in servers list, doing add

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Add DNS server 192.168.117.11 to adapter: failure - IP not enabled on adapter

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> adding DNS server failed

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Adding DNS server 192.168.117.11 to the TAP adapter

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> 192.168.117.11 not in servers list, doing add

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Add DNS server 192.168.117.11 to adapter: failure - IP not enabled on adapter

    2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> adding DNS server failed

    2019-01-07 11:50:57AM 15[CFG] <BurnsIPSEC|1> handling INTERNAL_IP4_DNS attribute failed
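
A triage script for the failure in the log excerpt above, added here as an example and not Sophos code: it groups the DNS-related lines by connection and flags tunnels where every pushed DNS server failed to apply. The line layout is inferred from the excerpt, and the `ExampleConn` line with `10.0.0.53` is constructed for contrast.

```python
import re
from collections import defaultdict

# First four lines follow the excerpt above; the last line is constructed.
SAMPLE_LOG = """\
2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Adding DNS server 192.168.117.11 to the TAP adapter
2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> Add DNS server 192.168.117.11 to adapter: failure - IP not enabled on adapter
2019-01-07 11:50:57AM 15[IKE] <BurnsIPSEC|1> adding DNS server failed
2019-01-07 11:50:57AM 15[CFG] <BurnsIPSEC|1> handling INTERNAL_IP4_DNS attribute failed
2019-01-07 11:52:10AM 09[IKE] <ExampleConn|2> Adding DNS server 10.0.0.53 to the TAP adapter
"""

# timestamp, thread[subsystem], <connection|sa-id>, message
LINE = re.compile(r"^(\S+ \S+) \d+\[(\w+)\] <([^|>]+)\|(\d+)> (.*)$")
REQUEST = re.compile(r"Adding DNS server (\S+) to the TAP adapter")
FAILURE = re.compile(r"Add DNS server (\S+) to adapter: failure - (.+)")
ATTR_FAILED = "handling INTERNAL_IP4_DNS attribute failed"


def dns_push_report(log_text):
    """Return {(connection, sa_id): {requested, failed, attribute_failed}}."""
    report = defaultdict(
        lambda: {"requested": set(), "failed": {}, "attribute_failed": False}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrelated line
        _ts, _subsys, conn, sa_id, msg = m.groups()
        entry = report[(conn, int(sa_id))]
        req = REQUEST.search(msg)
        fail = FAILURE.search(msg)
        if req:
            entry["requested"].add(req.group(1))
        elif fail:
            entry["failed"][fail.group(1)] = fail.group(2)  # server -> reason
        elif ATTR_FAILED in msg:
            entry["attribute_failed"] = True
    return dict(report)


def tunnels_without_dns(report):
    """Connections where every requested DNS server failed to be applied."""
    return sorted(
        key for key, e in report.items()
        if e["requested"] and e["requested"] <= set(e["failed"])
    )
```

A tunnel flagged by `tunnels_without_dns` is up but still resolving names through whatever resolver the local network assigned.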

  • What version of XG is needed before you can access this?