SSL VPN - Route modification on VPN Policy not replicated on the client?

Hi Julian Cast,

Thank you for reaching out to Sophos Community.

Please check out the below thread.

community.sophos.com/.../permitted-network-resources-for-ssl-vpn-remote-access

Hello,
as I have the same issue at present the other way round, I hopefully may attach to this thread.
When added to the permiitted networks, new networks also are not available for the client, as the new route is not announced to the clients.

Two questions about this:
First - The linked article as a temporary solution suggests:

On the command-line console, go to Device management > Advanced shell
and enter the following command to delete the existing configuration file:

rm -rf /tmp/openvpn/conf.d/*

Will this resolve my issue ?

Second - When will MR6 be available ?
As long as it isn't, the manual action above will be the only remedy

And then some rant about another use case:
When I want to make IPsec Tunnel Networks available to SSL Client VPNs, I have to add their route manually on the console.
see this Sophos KB: https://support.sophos.com/support/s/article/KB-000037043?language=en_US

Hey Sophos developers ! really ??!  -  This is back to stoneage !
On the UTM you would simply add the permitted networks to the SSL VPN at the GUI and you were done.

Beeing a formerly happy UTM user, I feel like a guinea pig after migrating to XG ....

Hello,
as I have the same issue at present the other way round, I hopefully may attach to this thread.
When added to the permiitted networks, new networks also are not available for the client, as the new route is not announced to the clients.

Two questions about this:
First - The linked article as a temporary solution suggests:

On the command-line console, go to Device management > Advanced shell
and enter the following command to delete the existing configuration file:

rm -rf /tmp/openvpn/conf.d/*

Will this resolve my issue ?

Second - When will MR6 be available ?
As long as it isn't, the manual action above will be the only remedy

And then some rant about another use case:
When I want to make IPsec Tunnel Networks available to SSL Client VPNs, I have to add their route manually on the console.
see this Sophos KB: https://support.sophos.com/support/s/article/KB-000037043?language=en_US

Hey Sophos developers ! really ??!  -  This is back to stoneage !
On the UTM you would simply add the permitted networks to the SSL VPN at the GUI and you were done.

Beeing a formerly happy UTM user, I feel like a guinea pig after migrating to XG ....

This will be fixed in the V18.5 MR1 release, which is the next version. https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v185-mr1-eap

The point about the SSLVPN to IPsec Tunnel is true for policy based VPN. But the movement is towards route based VPN, which does not need policies etc. 

Hi LuCar Toni,

it seems that the 18.5 MR1 is available, my model and version is XG330 (SFOS 18.0.5 MR-5-Build586), why i don't see any update? Is it available for my model? 

Have i to download it manually? No risk to update it from 18.0.5?

Thank you!

Its a Early Access to this release. Therefore not officially released. See post: 

This release is expected to be Generally Available and rolled out automatically to all customer devices starting in early August.

Ok thank you i will wait august 

To repeat my question, which is still not answered:

The linked article suggests as a temporary solution:

On the command-line console, go to Device management > Advanced shell
and enter the following command to delete the existing configuration file:

rm -rf /tmp/openvpn/conf.d/*

Will this resolve my issue as long as the release who fixes this isn't available ?

Yes. It will republish the routes to the clients without interrupting the connection. As mentioned in the Known Issue article. 

OK, then I will use this workaraound in the meantime.