Remote Access SSL Change - does this type of change require a new profile for end users?

I am not an expert on the Sophos UTM but I know enough to be dangerous.

Recently, under Remote Access > SSL > Settings, we made a change to the port being used which required every employee using the VPN to download a new config/profile on every device they use. On Windows, it's an easy installation, but not so straightforward on iOS devices (and sometimes MacBooks if the end-user isn't really familiar with VPN's)

I didn't realize that a change to that port number would cause a new config (because I'm ignorant and in a hurry), but I understand now why it would.

The Problem:

I need to allow multiple user connections concurrently. For example, our Software Dev team (most of whom work remotely) runs a Macbook, with a Windows VM on it.   Both "devices" need to connect to the VPN.

If I change that one setting that allows multiple concurrent sessions under Remote Access > SSL > Settings Tab (there is a check box at the bottom) will that also require that all users download/install a new profile?

I was hoping that a global setting like that would NOT affect individual profiles.

But I've been wrong before (obviously).

Any help would be greatly appreciated.

  • Hello Ron,

    Thank you for contacting the Sophos Community!

    When enabling or disabling Duplicate CN is NOT necessary for users to re-download the Config File.

    When modifying something in the Settings >> Server Settings as well as under Advanced >> Cryptographic Settings ((then users will need to re-download the config).

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hey Ron - welcome to the UTM Community!

    Like Emmanuel said - you're safe.

    To get an idea of what's in the config file, look at one on a Windows box in C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config.  You'll see that an option for the users would be to change the port in the config file on their laptop.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA