Sophos Firewall: v18.5 MR1: Feedback and experiences

  • Has there been any progress with enabling IKEv2 for remote access (NC-14133 I believe)? I haven't had any luck with getting L2TP working and IKEv2 is the new standard anyway, and I have it working for site-to-site. I can't see the ticket in either the resolved or known issues in the release notes.

  • That is a major feature to implement and would be listed in the new features if it were implemented.


  • Is there a release date for the IKEv2 Remote Access VPN? I've been waiting for this feature for a long time too.

  • I do not have an ETA for this feature. The question would be whether ZTNA is a solution for this kind of challenge.


  • Cloud services are not our preferred choice. We prefer an integrated VPN client in Windows. But I can take a look at ZTNA.

  • ZTNA is not cloud. ZTNA is something that works as a "per app VPN". Basically you can build a ZTNA gateway, which will be your "VPN gateway" and will take responsibility for doing a "per app" VPN. You get a tunnel per application you want to use. You want to do an https:// request? It will take this and authenticate you to forward it to the service (on prem or cloud). You want to do RDP? It will take this and forward it. Without the need for a VPN. VPN has some issues with deployment: what about 100 clients? How do you publish this? ZTNA will be integrated into the endpoint this year. You can simply deploy the ZTNA client to the client and it will authenticate you against the ZTNA gateway. Therefore you can simply RDP against a public DNS name and get to the resource --> secure and authenticated without the need to have an IP or anything within your network.
