Attempts to download Sophos Connect client (IPsec and SSL VPN) from an XG135 User Portal result in a text file


I'm getting used to the operations of my new XG135 firewall. I'm configuring users for IPSEC VPN client access. I can create a user on the firewall. I then navigate to the firewall's User Portal and log in as the user. The User Portal displays a QR that I scan using the Sophos Authenticator on my phone. I then log in to the User Portal as the user this time with the 2FA code appended to the user's password. I land on the User Portal page shown below.

When I try to download either of the Windows or macOS clients, I don't get any kind of executable or installer. Instead, I get a text file called "info.txt" with the following content.

Requested file could not be provided. Make sure Pattern Updates are working correctly.
You can find it under 'Backup & Firmware' -> 'Pattern Updates'

I've checked my firewall's Pattern Updates and the Sophos Connect clients are there and have been updated recently as shown below.

The firewall has the latest firmware (SFOS 18.0.4 MR-4) and all the Pattern Updates look good (populated and have recent timestamps).

I am able to download the Sophos Connect clients while managing the firewall through Sophos Central. This is from the "VPN > IPsec (remote access)" page. When I do this I get a zip file containing the files

  • scadmin(legacy).msi
  • Sophos Connect_1.4_(IPsec).pkg
  • SophosConnect_2.0_(IPsec_and_SSLVPN).msi

I have used the Sophos Connect_1.4_(IPsec).pkg successfuly to install on a Mac. Similarly, SophosConnect_2.0_(IPsec_and_SSLVPN).msi works fine for Windows.

Thanks for your attention to my problem. Let me know if you need more information. I look forward to getting this resolved.



Edited TAGs
[edited by: emmosophos at 1:14 AM (GMT -8) on 11 Mar 2021]
Parents Reply Children
  • The XG never had a IPsec Config in the first place. The VPN Config for IPsec for iOS is a different format.

    PS: UTM had only the NCP Client config. See: The IPsec VPN section contains the old NCP based executable endpoint computer software, configuration file, and certificate (if selected) for the remote access endpoint computer.

    This new feature for the enduser to download a config + Client is new. 


    I am still pointing to a better solution compared to this user approach. As a administrator, my primary goal would be to distribute and maintain the software in a centralized approach. Talked to couple customers in the last days and nobody was using this (none-working) approach. Hence nobody really noticed a bug in the first place. 

    From a security perspective: I would highly encourage you to remove admin privileges from the users in the first place. But thats another story.  


  • __________________________________________________________________________________________________________________