Sophos Connect Migration script from UTM SSLVPN

Disclaimer: This information is posted as-is and the content should be referenced at your own risk

Hi all,

This is a very early beta of a script that does the following:

- Takes a backup of the old ovpn config from SG UTM SSLVPN

- Removes old SG UTM client

- Installs Sophos Connect

- Imports the old config into Sophos Connect so user can still connect to UTM

- Installs a provisioning file for the coming Sophos Firewall, so migration should be easier :-)

Have testet it all, it works so far good, but do not implement in production before thoroughly tested :-)

@echo off

IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof
	REM Remove the old client
	REM Kill running programs, preventing uninstall
	taskkill /im openvpn* /F
	timeout 2
	REM Backup the OVPN config file
	rem rmdir "c:\!vpn" /s /q
	mkdir c:\!vpn
	copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\
	REM Use uninstaller to remove the client
	cd\Program Files (x86)\Sophos\Sophos SSL VPN Client
	Uninstall.exe /S
	timeout 10
	REM Do folder cleanup - if not, Sophos Connect refuse to install
	rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q

	SET Sophos_Connect=Sophos\Connect\scvpn
	IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL
	exit /b 0
	IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL
	exit /b 0
	msiexec.exe /i "\\server\share\SophosConnect.msi" /QN
	timeout 5
	REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place.
	REM Userportal on SF must be accessible and with a valid certificate!
	copy /Y "\\server\share\" "C:\Program Files (x86)\Sophos\Connect\Import\"
	REM Deploying old SSLVPN for UTM 
	copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\"
	REM Start Gui - tray icon.
	start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe"


        "gateway": "", 
        "user_portal_port": 4445, 
        "otp": false, 
        "auto_connect_host": "", 
        "can_save_credentials": true, 
        "check_remote_availability": false, 
        "run_logon_script": false 

Attached are the bat file and the provisioning file :-)

Let me hear your thoughts :-)

added disclaimer
[edited by: FloSupport at 7:33 PM (GMT -8) on 1 Dec 2021]