Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 1936 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN upgrade from SG to XG?

MarkThornton

I am planning a replacement of an SG210 with an XG210. I have existing certificate based tunnels on the SG. Can I export the certificates from the SG, including the local X509 cert, then import them into the XG in order to avoid dealing with issuing new certs to users?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Keyur

    I wasn't able to figure out how to export both the certificate and the private key from the SG. The certificate is easy enough to download, but the requirement for the private key to upload is the challenge. I guess I will go through the pain of generating and distributing new certificates all around.

Children
  • 0 in reply to MarkThornton

    XG cannot use Imported Certificate for SSLVPN.

    So do not take this way, because it will not work anyway. 

    XG will always create a new SSLVPN Configuration (+Certificate) for each user.

    Maybe the better approach is to migrate to Sophos Connect (IPsec).

    One configuration for all users without the need of SSLVPN.

    https://community.sophos.com/kb/en-us/133109

     

    Use the existing SG, while all clients are connected, push out the Sophos Connect configuration via GPO and teach the people to use another client.

    https://community.sophos.com/kb/en-us/133555

     

    Then slowly migrate the SSLVPN User one by one, if needed. 

    __________________________________________________________________________________________________________________

Unfiltered HTML