Sophos Connect Client - disappearing SSL VPN connection

I can confirm the problem with disappearing profiles in the Connect client. Mainly with imported provisioning files on notebooks, which change networks regularely. User profiles are not changed on these systems. Problem comes up in the first days of initial use of the Connect client and then goes away.

It is still so rare that we cannot recognize a pattern. We are evaluating connecting domain joined devices with windows integrated L2TP instead of Connect client.

We also tried L2TP over IPSec but had to discard it. Since Sophos only supports IKEv1 here, at least in Germany with DS lite Internet connections that do not have a full IPv4 address, there are problems that no connection can be achieved (e.g. Vodafone Cable or Deutsche Glasfaster). IKEv2 would solve the problem but here the option for remote access is not supported and is only available for site-to-site connections. Where the problem is with allowing this for one and limiting it for remote access is not clear to me. There have been countless threads here over the years asking for IKEv2 for remote access. They prefer to refer people to ZTNA in order to make propably more profit.

That's true. In genereal there are no improvements regarding remote access since ?? With sophos connect the same, no update since ??, a lot of know issues and bugs with SSL VPN, provisioning and MFA.

Ok thats good to know. ZTNA is no solution for a domain joined device, which has to connect to an internal domain controller or similar. I think we will open a ticket at least for the disappearing profiles problem.

Are there any new findings on the topic? We are affected by this too, and it's just annoying, especially the users we can't help.

Hi Karl,

Thank you for reaching out to Sophos Community.

We regret to hear about your experience. Have you tried the workaround instead of fast switching?

I haven’t found any recent cases under your registered Community email. I would recommend creating a case for further checking. 

OK, i do it.

Mal ein Update zu dem Thema. So wie es ausschaut liegt es daran, das nach einem Neustart eines betroffenen Rechners der Sophos SSL VPN Client seine Konfiguration noch nicht geladen hatte. Wenn man allerdings nach der Anmeldung am Windows 2-3 Minuten wartet, dann wird im Sophos-Client die Verbindung angezeigt. Wir haben einmal die VPN Prozesse und das entsprechende Verzeichnis wo der Client drin liegt vom Virus Scan ausgeschlossen, das ging dann schon etwas schneller aber so das gelbe vom Ei war es noch nicht.

Hi Karl,

Thank you for reaching out to Sophos Community and for the update. Upon checking your case 07201979. Which is now closed. 

" We once excluded the VPN processes and the corresponding directory where the client is located from the virus scan."

Would it be possible to test the following device without an Anti-virus to isolate the issue from the endpoint? 

Just out of interest, was the virus scanner Sophos's own Intercept X or another virus scanner?

Just out of interest, was the virus scanner Sophos's own Intercept X or another virus scanner?

We use Eset Endpoint Protection

Hi,

good to know, we also have this problem and use ESET (especially with LiveGuard). We will test the exclusion, too.

This should be: "c:\Program Files (x86)\Sophos\Connect\protected\*", correct?

You need exclude the Folder "c:\Program Files (x86)\Sophos\Connect" and Realtime Scan Processes of the SSL VPN Connect Client.