Hello Everyone,

 

I'm pleased to announce Sophos Connect 2.2 has been released. this is primarily a security and quality update that addresses a number of issues in the libraries used by Sophos Connect, and addresses a number of issues in the client. The client is available for download, and has been distributed to SFOS firewalls via pattern updates. 

 

Security Updates

  • NCL-1635 - Security fix for CVE-2022-0778
  • NCL-1585 - Security fix for CVE-2021-27406 in OpenVPN binary
  • NCL-1490 - Security fix for CVE-2021-3606 in OpenVPN
  • NCL-1667 - Security hygiene cleanup for CVE-2020-1967 

Issues Resolved

  • NCL-1622 - Fix GCM Cipher parsing error
  • NCL-1399 - Fix rare issue with random SSL authentication failure
  • NCL-1616 - Fix connection issues with special characters in password
  • NCL-1372 - Fix connection issues with special characters in password
  • NCL-1319 - Fix provisioning issues with special characters in password
  • NCL-1256 - Fix provisioning issues with special characters in password
  • NCL-1261 - Fix SSL authentication with multiple spaces in username
  • NCL-569 - Fix provisioning issues with special characters in username 

Download Links

Related Links

Parents Comment
  • Joe, I have a customer having somewhat similar issues.  8 hours on the dot after they connect for the first time, they get disconnected.  It will show they were logged off in the firewall, but I have the AD/SSO setting set for 10 hours and VPN timeouts to unlimited.  Also, makes me wonder if this is a MFA timeout as well.

Children
  • should be related to the rekey timeout on server's side! with v19 you are able to set rekey time interval vi GUI.
    The issue here is 2FA if enabled for Remote Access VPNs via SC, since the Client tries to reconnect after rekey-timeout, the connection can't be hold because 2FA proposals are out of date and must be reentered by the user with current OTP ;-)

  • We already had the key lifetime set to 12 hours (43200 seconds). The old SSL VPN client doesn't have this problem, just the new Sophos Connect Client. openvpn client also is fine.