Hello,
Does anyone have an idea how I can ensure that a VPN configuration is not transferred to a private device or that it cannot connect using it?
I want to use SSL VPN with the Sophos Connect client.
Sophos Connect cannot control this. As we use OpenVPN, everybody could potentially download the ovpn file and reuse it on a 3rd party device.
The only way to do this right now is to use a solution like ZTNA. ZTNA will only be available for the admins, not the end user, as it is tied to the Sophos Central Installer.
__________________________________________________________________________________________________________________
One solution to this issue is to use the heartbeat functionality of the endpoint protection. Surely they can get the config and reuse it on another device, and they will be able to connect to the SSL VPN, but they can't reach anything because the firewall rules require a green heartbeat. It is not perfect but it should provide a similar effect.