Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting script error when trying to connect to SSL Remote through Sophos Connect

I've installed Sophos Connect and double clicked a ,pro file I've created, and I'm getting the following error when I try to connect:

And the connection sits at:

Any help would really be appreciated!

Thanks



This thread was automatically locked due to age.
Parents
  • I have also seen this issue when the user did not have an email address in their user profile in the XG.

  • I've setup a test environment with a VM Firewall 18.5.2 with local users to test certificate changes and connect client scenarios.

    When connecting to the imported .pro file, I get the same issues as described here.

    file:///C:/Program%20Files%20(x86)/Sophos/Connect/GUI/js/connections.js

    In logviewer it is clear that the user can successfully login

    The user has access to the SSP profile

    The test user can log on to the userportal and can see and download vpn config.exe

    How can I debug that error? The SC logs are absolutely no help.

    2022-02-10 06:47:22PM [24932] dbg Provisioning connection from gateway: vpn.fqdn.lan
    2022-02-10 06:47:34PM [24932] err Failed to download the configuration from vpn.fqdn.lan
    2022-02-10 06:47:34PM [24932] dbg Sending notification: Failed to load connection

    I'm using self generated Certificates on the Firewall for Userportal and SSL VPN and have imported the Firewall CA into the machine store of Windows.

    Wireshark shows successful TLS negotiation between client and firewall.

    in the auth log of firewall i see "connected through clientless access" and the user has no clientless ssl vpn policy. I think I have never configured that before.

    any idea?

  • It's very hard to troubleshoot this as you say.  I've seen it before as I said if they don't have an email address in their user profile in the XG and I've also seen it if they weren't in a group that had access as well.  I'd double check that they are in a group in the XG, and that that group has access and that they also have an email address in their user profile.

Reply
  • It's very hard to troubleshoot this as you say.  I've seen it before as I said if they don't have an email address in their user profile in the XG and I've also seen it if they weren't in a group that had access as well.  I'd double check that they are in a group in the XG, and that that group has access and that they also have an email address in their user profile.

Children