
Sophos Connect vs. Sophos SSL VPN client - a new limitation regarding multiple connection options to the same firewall?

I regret that the new VPN software "Sophos Connect" brings a deterioration in one important point. At least, I can't find a way to eliminate this shortcoming:

One cannot use the application to apply multiple identities against the same firewall. Normally, I use my Active Directory account for normal VPN access via a Sophos SG (device A). However, if I want to enter a specially protected administration network, then I have to use a local account on the Sophos SG135 (device A). Storing two access identities is now no longer possible with "Sophos Connect", because a single identity can only be set there in relation to one Sophos SG135 (device A).

With the application "Sophos SSL VPN client" you can manage and use multiple accounts for one Sophos SG.

Am I wrong?



  • First of all, SSLVPN uses a client certificate, which is bound to a user. So basically you authenticate with a cert and a specific user. 

    So the way Sophos Connect and SSLVPN (trafficlight) work should be the same. You should not be able to use a different user with the same ovpn file.

    __________________________________________________________________________________________________________________

  • Sorry, I forgot to mention that. Exactly as Philipp Rusch adds, the point is that any *.ovpn configuration of firewall A replaces an existing configuration. It is not possible to hold different configurations in parallel in Sophos Connect with respect to one target device.

  • In general, the Sophos Connect Client was designed for customer use. The use case of a Partner (connecting to different firewalls) is not covered by this tool in general and was not intended to be. But to be honest, the market is full of tools for such scenarios with different scenarios.

    From a security perspective, I personally found it to be "dangerous" to have a Partner network with full access to all customers. It comes down to the same scenario as having a notepad document with all passwords to all customers on a desktop. This is something like a supply chain attack scenario, which gives you full access to all customers by hacking a partner site.

    __________________________________________________________________________________________________________________
