I have a new XGS (SFOS 20.0.0) and would like for the guest wifi users to be able to connect to our VPN. How can I achieve that?
Hi,
Thank you for reaching out to Sophos Community.
To verify, what kind of VPN are you referring to? Remote (IPsec/SSL) or site-to-site?
Also, for safety concerns and consideration, the purpose of the guest networks is to separate unknown/unsecured devices from the internal network. Providing VPN access to guest users involves security risks.
You may create a VPN policy/add to permitted network resources, allow Wifi to VPN on device access, and create a separate Firewall Rule for the guest network.
For more information, refer to the following link. You can also check the Sophos Assistance to guide you.
Erick Jan
Community Support Engineer | Sophos Technical Support
Thanks for your reply. I am referring to SSL VPN. My issue is that when contractors (that have VPN access) are at our premises to do some work, instead of giving them our internal wifi password they connect to the guest network and then connect to VPN.
Hello,
I am considering that you may be using the Sophos AP/APX devices in the network. You may create a separate zone with a new SSID, and your guest users can connect to that network.
Mayur Makvana
Technical Account Manager | Global Customer Experience
Hello,
Is it deployed in bridge or route mode? You might need to work out on your APs to achieve this.
You may create a separate SSID on Unifi APs.
Mayur Makvana
Technical Account Manager | Global Customer Experience
I think this would involve a DNAT loopback rule from your Guest network to your public IP? Not sure if additional permissions would be necessary or if the XGS considers a loopback to essentially come from the internet (which is your goal).