Remote access SSL VPN with certificate only based authentication

Hello!

I know that a few years ago there was a feature request on Sophos's currently retired ideas portal, regarding remote access SSL VPN with certificate-only authentication, for Sophos XGS firewalls. Does anybody know if it's possible right now to implement such a VPN connection?

Thanks!



  • Hi cicro,

    Thank you for reaching out to Sophos Community.

    Upon checking, this is under feature request SFSW-I-1966 and is waiting for PM review. You may reach out to Sophos Support to have your account linked with the said feature request.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • This is a huge gap for Sophos at the moment, and one of the best ways to prevent account lock-outs on VPN connections; without certificate-based authentication, lots of accounts get locked out due to brute-force password attacks against known user accounts. Even with MFA, account lockout is still possible.

    Many other vendors support this; it's about time Sophos adds it.  I'd love to see it as a secondary method in addition to MFA push so that we know it's the user and not someone controlling their machine with a RAT.
