Sophos Connect client looses profile when changing network

We are experiencing a very strange effect with the Sophos Connect client.

We are using SSL VPN connections for the users.

The users load the profile from the user portal and import it into the client.

The connection works properly. 

But when the user changes his network (i.e. goes from his home office from where he downloaded the profile to the airport) the profile disappears.

This phenomenon has been observed with multiple users.

Every time the user changes his network, he/she has to download and import her/his profile again.



Edited TAGs
[edited by: emmosophos at 11:24 PM (GMT -7) on 21 Jul 2022]
  • Essentially you could workaround this behavior with the .pro File. See: docs.sophos.com/.../index.html

    __________________________________________________________________________________________________________________

  • Hallo LuCar Toni, thanks for the fast answer.

    You're telling me that this is an expected behaviour and that one has to "work around" this behaviour :-)

    I'll try and test, whether this solution can work with our customer.

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner

  • It is not a expected behavior. I heard some feedback about "loosing configs" but nobody could relate this to a network change.

    In fact i know customers doing this from the company and moving to home. If i remember correctly, is doing this as well. 

    __________________________________________________________________________________________________________________

  • It's not consistent, but I was able to verify it on a virtual machine by just switching virtual network card from a bridged to a NETted one.

    Some profiles lost their config, some didn't.

    When I moved back to the prior network, some profiles were back in place.

    I checked that the client creates differnet internal profiles for it.

    I had imported two different profiles each for one of the users, but after the changes, there were three different profile files in the "\protected" folder of the client

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner

  • We're using the pro file, load the config when user can connect to the userportal. on the WAN side, userportal is off and it works fine. But we have not had issues with lost configs for CC client.

    So Alexander has an other issue here where I cannot help. Did you do this with version 2.2 already?

  • I've tried with the PRO file.

    It works fine, but the profile is still not persistent.

    I had installed the PRO file for two users; then I shut down the virtual machine, changed the network card (like moving from home office to WiFi at the airport) and the profile for one of the users was lost again, the other one was still there.

    I'm using the Sophos Connect Client in version 2.2.75.0506

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner

  • is it two users on one VM and one of these local users loses the vpn config?

    I do not exactly understand what you're doing with the VM - for me it reads like

    - shutdown

    - remove original NIC from VM

    - add an other virtual NIC

    and then after power on, one of 2 users has a lost config.

    is that correct?

    Or do you only assign an other network to the same virtual NIC?

  • Yes, in this case one of the users loses the profile, the other doesn't.

    But the profile files themself are still in the profile folder of the Sophos Connect Client.

    The moment I change the netowrk back to the one I imported the profile from, the profile is back in the GUI of the client.

    About the networks, the VM has three network cards, as it is a test VM for different usages.

    What I do is to tell WMware Workstation not to connect one of the interfaces at startup but one of the others.

    Therefore for WIndows it's like there is no network cable connected to the one that are not connected.

    This is a perfect way of simulating the change in networks.

    It works like beeing in the office with the docking station, then beeing in the home office, then beeing at the airport.

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner

  • As far as i know, Vmware "connect" is not the same as using a network cable. 

    Connect means, the hardware will be connected. Its like plug in a new network card, not the cable. 

    So you are removing the entire card the entire time, that is not the same like a user going home. The Hardware does not change by going home or using wireless vs lan. 

    __________________________________________________________________________________________________________________

  • No, I'm not removing the hardware. The three network cards are still installed in the Windows Client. Windows just says that two of the network cards have their network cables disconnected.

    The "connect" in VMware Workstation is really like removing the cable.

    Only when I remove the network cards completely from the VMware configuration, is the hardware removed from the Windows client.

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner