I am moving from SSL VPN to Sophos Connect.
In SSL VPN we are using different profiles (for normal users, admins and light users) to handle different rights and accessing different networks.
How can I handle this using Sophos Connect? There is only one config possible.
Thanks for hints
.pro File is for SSLVPN
.SCX is for IPsec.
IPsec only supports one profile. SSLVPN supports multiple profiles.
So you can use one pro and one SCX File for all users and it will follow the statements above.
I need to come back to that. I have Sophos XG in place used for different customers connecting to different subnets. I cannot put one FW for one customer. When this SSL VPN feature gets lost and neither Sophos Connect nor ZTNA can pick up this feature, I need to keep the unsupported SSL Client up and running and look for another solution. Right?
What do you mean by one FW per customer? What do you try to do?
Create a supernet for the ipsec profile (f.e. 10.0.0.0/16) and allow the customer only to his subnet (f.e. 10.0.1.0/24).
You can make this with your firewall rule and match the customer group/user to his subnet.
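The supernet-plus-firewall-rule approach described above only isolates customers if no group's allowed subnets overlap another's and all of them sit inside the supernet. The following audit is an added example, not part of the original thread and not Sophos configuration; the group names and the rule table are constructed, and only 10.0.0.0/16 and 10.0.1.0/24 come from the post.

```python
import ipaddress

# Supernet pushed to every IPsec client (value from the thread).
SUPERNET = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample policy: VPN user group -> destination subnets
# its firewall rule allows. Group names are hypothetical.
RULES = {
    "customer-a": ["10.0.1.0/24"],
    "customer-b": ["10.0.2.0/24", "10.0.3.0/24"],
    "customer-c": ["10.0.2.128/25"],   # overlaps customer-b
    "customer-d": ["192.168.5.0/24"],  # not routed by the supernet
}

def parse(rules):
    """Turn the string table into ip_network objects."""
    return {g: [ipaddress.ip_network(n) for n in nets]
            for g, nets in rules.items()}

def audit(rules, supernet):
    """Return findings that break per-customer isolation."""
    parsed = parse(rules)
    findings = []
    for group, nets in parsed.items():
        for net in nets:
            if not net.subnet_of(supernet):
                findings.append(("outside-supernet", group, str(net)))
    groups = sorted(parsed)
    for i, a in enumerate(groups):
        for b in groups[i + 1:]:
            for na in parsed[a]:
                for nb in parsed[b]:
                    if na.overlaps(nb):
                        findings.append(("cross-customer-overlap",
                                         f"{a}/{b}", f"{na} ~ {nb}"))
    return findings

def is_allowed(rules, group, dst):
    """Default deny: allow only if dst is in one of the group's subnets."""
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in parse(rules).get(group, []))

if __name__ == "__main__":
    for finding in audit(RULES, SUPERNET):
        print(finding)
```
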
Ah, sorry for delayed answer. But thanks. That is a possible solution. I will have some setup.
Come back. DNS: How to deal: You need to have cond DNS forwards but that means all VPN users can see any internal host names.
Answer to LuCarToni:
Hi, multiple different subnets behind my XG (1 or 2 per customer). Actually I define a new SSL VPN profile incl. individual DNS and own permissions. I can handle lots of small customers with that (1 to 10 users about). Without SSL VPN - how to set that up? I can get one XG per customer but that is not really sensible.
You can still import the OVPN file to Sophos Connect (one per Firewall product).
That's really a problem. You can make a main DNS and create delegations for all your customers' domains/DNS or use generic server names (with no assignment to customer names). It depends what you are trying to do and how your setup is.