Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 2 answers
  • Subscribers 39 subscribers
  • Views 5580 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IKEv2 for Remote Access

nils50122

Hello,

we migrated last week to Sophos XGS3100. Now i am on the last steps - configure remote access for our users.

I am very surprised that unfortunately no IKEv2 profile can be stored in Sophos Remote Access Feature. I search the topic in these forum and see people will beg for these feature since 3-4 years. 

Now i want to ask : Why aren't they able to implement a standardized protocol within several years?

We pay thousands of euros for an next generation firewall and then we need to use an IKEv1 protocol which are insecure?! 

This is not the only reason why I am very amazed. Also SNMP Monitoring is an joke. We can only monitor interface state, but logical things like monitoring an ipsec phase1 and phase2 is not possible? Sorry but other firewall vendors have these features since 10 years.



This thread was automatically locked due to age.
Parents
  • 0

    I am still seeing VPN as a dead end for the future. ZTNA will take over in the upcoming years. Maybe it is time to take a look at how to resolve VPN limitations for the future? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Ok. But for the moment i think for the most companys VPNs are mandatory. 

  • 0 in reply to nils50122

    It depends on what you actually are willing to offer to the companies. There are approaches right now to give such companies only access to a certain resource with a https approach. (Giving a virtual machine and your own resources to secure the environment). 

    Personally i do not want to give anybody outside my company any kind of VPN to my company - I do not know, what they have installed, i do not know, if there clients are compromised etc. 

    "Most companies" - I highly doubt that every company (especially in certain size and security levels) are giving out VPNs. This could be potentially correct for smaller companies because it is technically easy to resolve. Giving out VPN is a technical easy point of view. But the lack of security perspectives are huge. You are actively giving a person a entry card to your building and likely to most facilities. Who is using this card, when there are using it etc. is most likely not controlled. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I am sure you´re right - but can we focus on the questions from this thread (when will ikev2 for xg available)? ;) 

  • 0 in reply to nils50122

    It is on the Backlog for a Future Release. 

    __________________________________________________________________________________________________________________

Reply Children
  • 0 in reply to LuCar Toni

    IKEv2 support for IPsec remote access is part of our prioritised backlog but unable to make it in any upcoming release. As mentioned above earlier NC-14133 was planned for v19.5 but due to other priority work we are unable to accommodate it.

     We will keep you posted once it's planned for any upcoming release.

Unfiltered HTML