Attempts to download Sophos Connect client (IPsec and SSL VPN) from an XG135 User Portal result in a text file

Howdy!

I'm getting used to the operations of my new XG135 firewall. I'm configuring users for IPSEC VPN client access. I can create a user on the firewall. I then navigate to the firewall's User Portal and log in as the user. The User Portal displays a QR that I scan using the Sophos Authenticator on my phone. I then log in to the User Portal as the user this time with the 2FA code appended to the user's password. I land on the User Portal page shown below.

When I try to download either of the Windows or macOS clients, I don't get any kind of executable or installer. Instead, I get a text file called "info.txt" with the following content.

Requested file could not be provided. Make sure Pattern Updates are working correctly.
You can find it under 'Backup & Firmware' -> 'Pattern Updates'

I've checked my firewall's Pattern Updates and the Sophos Connect clients are there and have been updated recently as shown below.

The firewall has the latest firmware (SFOS 18.0.4 MR-4) and all the Pattern Updates look good (populated and have recent timestamps).

I am able to download the Sophos Connect clients while managing the firewall through Sophos Central. This is from the "VPN > IPsec (remote access)" page. When I do this I get a zip file containing the files

  • scadmin(legacy).msi
  • Sophos Connect_1.4_(IPsec).pkg
  • SophosConnect_2.0_(IPsec_and_SSLVPN).msi

I have used the Sophos Connect_1.4_(IPsec).pkg successfuly to install on a Mac. Similarly, SophosConnect_2.0_(IPsec_and_SSLVPN).msi works fine for Windows.

Thanks for your attention to my problem. Let me know if you need more information. I look forward to getting this resolved.

Sincerely,

Chris



Edited TAGs
[edited by: emmosophos at 1:14 AM (GMT -8) on 11 Mar 2021]
Parents Reply Children
  • I still do not understand the use case, which we are talking about.

    Could you please give me the use case, why you want to download the config in the user portal instead of simply use the webadmin and push this to the clients? 

    Why do you want to use this feature in the first place? It does not make sense to me, to advise the user to login to the user portal, if you can install the software remotely, install the config remotely.

    PS: UTM does not include this feature. There is no Sophos Connect integration. 

    I still think we are not talking about the same. And i am not able to understand, where is the misunderstanding. 

    __________________________________________________________________________________________________________________

  • Hello,

    on the utm the User can Download its own IPSec konfig File, this doesnt work on the xg.

    the User should install it self.

    On the xg there is the feature but it is Broken, you told us.

    please fix it instead of tell me, that our Solution is not your first way.

  • The XG never had a IPsec Config in the first place. The VPN Config for IPsec for iOS is a different format.

    PS: UTM had only the NCP Client config. See: The IPsec VPN section contains the old NCP based executable endpoint computer software, configuration file, and certificate (if selected) for the remote access endpoint computer.

    This new feature for the enduser to download a config + Client is new. 

     

    I am still pointing to a better solution compared to this user approach. As a administrator, my primary goal would be to distribute and maintain the software in a centralized approach. Talked to couple customers in the last days and nobody was using this (none-working) approach. Hence nobody really noticed a bug in the first place. 

    From a security perspective: I would highly encourage you to remove admin privileges from the users in the first place. But thats another story.  

    __________________________________________________________________________________________________________________

  • __________________________________________________________________________________________________________________