
Sophos Connect - Does the User Portal have to be on the WAN interface for it to work?

As title suggests - we noticed that Sophos Connect only seems to work if the User Portal is enabled on the WAN interface.

This raises a point though: with MFA enabled this should be secure; however, for people who were yet to set up MFA, would they not need to first enrol by scanning a QR code? In which case, for first-time users, the User Portal is effectively not secured by MFA.

So, in theory, an attacker with credentials only could then access the User Portal via a web browser, log in with the credentials, then scan the QR code, effectively setting up MFA.

Am I missing something here?

  • Hello,

    do you mean the Sophos Connect Client does not establish a VPN session with your system when you do not enable the User Portal on the WAN interface?

    I never had this effect.

    Or do you mean setting up the Sophos Connect Client for users the first time?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    Typically we have the User Portal available on the LAN only. In internal testing the Sophos Connect client works OK. When testing from offsite, the client fails to connect. Turning the User Portal 'ON' for the WAN Zone seems to resolve this.

    I will have to test this again later tonight to get the exact error message. If this is unexpected then perhaps I have misconfigured our test policy? If so, please may you point me in the right direction?

  • Sophos Connect will use the User Portal to fetch a Policy (ovpn). But ovpn files (already fetched profiles) will continue to work, without the user portal. 

  • Interesting, so in which case we can instruct the user base that they must first use the Connect client at least once onsite for the config to pull down, and then it will work from offsite without needing to have the User Policy enabled on the WAN?
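As an added illustration of the gap raised in the opening post and of the onsite-first workaround in the last reply (this is not Sophos code; the policy fields, user store, zone names and login function are hypothetical): a small Python model of the portal login decision, with a weak policy that lets an unenrolled user start MFA enrolment from any zone beside a hardened one that only accepts first-time enrolment from the LAN.

```python
import base64
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed user store (hypothetical). "alice" has enrolled MFA and uses the
# RFC 6238 test secret; "bob" has a password but has not scanned a QR code yet.
USERS = {
    "alice": {"password": "alice-pw", "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
    "bob": {"password": "bob-pw", "totp_secret": None},
}


@dataclass(frozen=True)
class PortalPolicy:
    portal_zones: frozenset  # zones where the User Portal listens (the thread's LAN/WAN toggle)
    enroll_zones: frozenset  # zones from which a first-time MFA enrolment (QR code) is offered


LAN_ONLY = PortalPolicy(frozenset({"LAN"}), frozenset({"LAN"}))          # poster's original setup
WEAK = PortalPolicy(frozenset({"LAN", "WAN"}), frozenset({"LAN", "WAN"}))  # portal on WAN, enrol anywhere
HARDENED = PortalPolicy(frozenset({"LAN", "WAN"}), frozenset({"LAN"}))   # portal on WAN, enrol onsite only


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; unix_time is passed in so results are deterministic."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def portal_login(policy: PortalPolicy, username: str, password: str, otp, zone: str, now: int) -> str:
    """Hypothetical portal decision: returns 'allow', 'deny' or 'enroll'."""
    if zone not in policy.portal_zones:
        return "deny"  # portal not reachable from this zone, so the client cannot fetch its .ovpn
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(password, user["password"]):
        return "deny"
    secret = user["totp_secret"]
    if secret is None:
        # First-time user: the password is the only factor. WEAK hands out the QR code from
        # the WAN; HARDENED only does so from an enrolment zone, closing the gap in the thread.
        return "enroll" if zone in policy.enroll_zones else "deny"
    if otp is not None and hmac.compare_digest(otp, totp(secret, now)):
        return "allow"
    return "deny"
```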