Hey everyone, I'm pleased to announce the next update to the Sophos Connect EAP. IT's taken more time than we wanted, but we're back on track.This release primarily addresses the CAPCHA changes on XG, with the first round of changes. We'll make further enhancements with a new provisioning protocol in a 2.1 release later this year, but this will allow users to provision VPN connections, regardless of whether the CAPCHA is enabled or not.
From this update, we're planning to move quickly to GA in September, if all goes smoothly in testing.
Enhancements:NCL-1207 Support enhanced provisioning process with CAPCHASophos Connect will show a CAPCHA to the connecting user on provisioning attempts against a gateway, if CAPCHA is enabled.
NCL-1179 Improved support for MFA providers (DUO, OKTA, ,etc..) when appending token to passwordWhen using append mode, some MFA vendors require a separator character between the users password, and the appended token value. This update adds a '2fa' option to the provisioning file, where admins can indicate whether they are using a vendor that requires a separator character, so the existing mfa option in Sophos Connect will work seamlessly for end users.
NCL-68 Support RegisterDNS on connect for windows domain clientsThis update enables the network adaptor used by Sophos Connect trigger a RegisterDNS event when the client connects successfully.
Issues Resolved:NCL-1182 Correct issue preventing Sophos Connect from installng on some Windows 7 and 8 systems
Here's the link to download. check it out, and happy testing!
Download linkDownload Sophos Connect 2.0 EAP Update
Yes, it wil :)
Any update on if this will be GA this month ?
Hey Emile, the MFA enhancement in this update is client-side, has nothing to do with xg username formats. That's a separate feature enhancement to he handled on XG itself, and not in the client.
So instead of fixing the RADIUS/Access Server issue with character stripping meaning you could use external MFA providers with push notification and allow those users to match locally imported users in UPN format (which is how they're designed to import, your alternate method is substandard and requires too much maintenance), you've designed a new feature only for One Time Password.
Why is the issue being "band-aided" instead of resolved properly so it can use backend RADIUS servers and match imported AD users correctly?
I got the message "You must uninstall SSL VPN client before" ... They want to make sure you won't be able to contact to your office anymore.