If someone also has the problem that the Sophos Connect client doesn't replace the DNS addresses then you've found a bug:
"This is known to the Sophos Dev team and is going to be fixed with Sophos Connect 2.3 with ID NCL-1383"
If you have a client automation tool you could fix it via something like this:
Get-NetAdapter -InterfaceDescription 'Sophos TAP Adapter' | Set-DnsClientServerAddress -ResetServerAddresses
Will set it back to DHCP. To fix it within the same task this command could help you:
Get-NetAdapter -InterfaceDescription 'Sophos TAP Adapter' | Set-DnsClientServerAddress -ServerAddresses ("%DNS_SERVER_1%","%DNS_SERVER_2%")
This thread was automatically locked due to age.