This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect vs. Sophos SSL VPN client - a new limitation regarding multiple connection options to the same firewall?

I regret that the new VPN software "Sophos Connect" brings a deterioration in one important point. At least, I can't find a way to eliminate this shortcoming:

One cannot use the application to apply multiple identities against the same firewall. Normally, I use my Active Directory account for normal VPN access via a Sophos SG (device A). However, if I want to enter a specially protected administration network, then I have to use a local account on the Sophos SG135 (device A). Storing two access identities is now no longer possible with "Sophos Connect", because a single identity can only be set there in relation to one Sophos SG135 (device A).

With the application "Sophos SSL VPN client" you can manage and use multiple accounts for one Sophos SG.

Am I wrong?

This thread was automatically locked due to age.

Top Replies

PhilippRusch over 1 year ago in reply to Martin Wünsch +2 verified

Hello Martin, have a look here: https://sourceforge.net/projects/securepoint/ We used this modified and free Open-VPN derivate with good success at some installations, as it has more options and comfort…

Parents

+1 LuCar Toni over 1 year ago

First of all, SSLVPN uses a client certificate, which is bound to a user. So basically you authenticate with a cert and a specific user.

So the way, how Sophos Connect and SSLVPN (trafficlight) works, should be the same. You should be not able to use a different user with the same ovpn file.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 Martin Wünsch over 1 year ago in reply to LuCar Toni

Sorry, I forgot to mention that. Exactly as Philipp Rusch adds, the point is that any *.ovpn configuration of firewall A replaces an existing configuration. It is not possible to hold different configurations in parallel in Sophos Connect with respect to one target device.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 1 year ago in reply to Martin Wünsch

In general, the Sophos Connect Client was designed to use for a customer. The use case of a Partner (connecting to different firewalls) is not covered by this tool in general and was not intended to do so. But to be honest, the market is full of tools for such scenarios with different scenarios.

From a security perspective, personally found it to be "dangerous" to have a Partner network with full access to all customers. It comes down to the same scenario like: having a notepad document with all passwords on a desktop to all customers. This is something like a supplychain attack scenario, which gives you full access to all customers by hacking a partner site.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 1 year ago in reply to Martin Wünsch

In general, the Sophos Connect Client was designed to use for a customer. The use case of a Partner (connecting to different firewalls) is not covered by this tool in general and was not intended to do so. But to be honest, the market is full of tools for such scenarios with different scenarios.

From a security perspective, personally found it to be "dangerous" to have a Partner network with full access to all customers. It comes down to the same scenario like: having a notepad document with all passwords on a desktop to all customers. This is something like a supplychain attack scenario, which gives you full access to all customers by hacking a partner site.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data