
Sophos SSL VPN Client EOL: What does this mean for UTM?

Hello everybody,

just a few minutes ago, I received an End-of-Life notification from Sophos regarding the EOL of the Sophos SSL VPN Client on January 31st, 2022.

According to the email, one can still use the SSL VPN after the fact, but using an EOL security product does not strike me as a good idea.

According to the email, we should replace the SSL VPN client with the "new and improved" Sophos Connect v2 client.

I'm unclear however, how to best go about this.

SOP right now for our users:

1. Open up the UTM user portal.

2. Download and install the SSL VPN client.

3. Profit.

How can I go about providing my users with the new VPN client? Is this client still OpenVPN based? Do I need to change anything about the VPN configuration of our UTM?

I'm honestly quite surprised to learn that SSL VPN is EOL, it's the first I've heard about this and January 22nd isn't really far off.

Regards,

Dominik



  • Hi,

    I think the SSL VPN will cease on the XG and XGS but not the UTM. As you rightly pointed out, Sophos Connect is not available to download and unless they rush out a patch to the UTM to allow that then how can they expect to pull the plug from the UTM? It does state that it will continue to work so you'll be ok for the moment but need to plan to migrate them away from the SSL VPN. Whether this means OpenVPN software and you download the .ovpn config file from the user portal instead could be the case.

    I'm quite surprised at the sudden announcement myself but UTM is slowly being wound down, it's old technology and although I love the layout/configuration, the XG/XGS are the way Sophos are going and we can't stop that.

    My advice is plan now to replace UTM with the XGS, the sooner the better to avoid sudden announcements like this causing headaches.

  • Thanks for answering!

    I'm currently looking into simply replacing all of our VPN needs with pfSense and WireGuard. We've already migrated WiFi to Ubiquiti UniFi two years ago, VPN was the last reason we even still had a Sophos UTM around.

    It'll be sad to see it go, but this sudden announcement is as good a reason as any...a crying shame, been using Sophos UTM since it was still called Astaro Security Linux, but the writing really is on the wall.

  • We will still use UTM for several more months before moving to XG. The email that I got said:

    "Sophos Connect v2 is our new and greatly enhanced VPN client that works with both Sophos (XG) Firewall and Sophos (SG) UTM. "

    So it says that it works with the UTM. Can't figure out how to make it work at the moment. 

  • See: https://support.sophos.com/support/s/article/KB-000043484?language=en_US

    You can use the Sophos Connect Client like the SSLVPN Client with UTM as well. It will import the OVPN files of the old Client and basically work like the current client.

    It will not have any "new features" like auto provisioning or adjustments on the Config etc. 


  • The issue is that on the UTM you can't download the Sophos Connect Client to start with. I wonder if Sophos will make it downloadable via their website.


  • I already tested it (SSL) with Windows and Mac using the current version of Sophos Connect. Unfortunately I do get an error importing the config on Mac (unknown file format) while it works on Windows (...) Is there an update coming up soon for Mac?

  • SSLVPN is not supported on MacOS. As far as I remember, SSLVPN on UTM did not support MacOS either.


  • OK, but it's planned for the pending/upcoming version for Mac, isn't it?

  • MacOS is planned for the backlog. If you want to look into MacOS, it would be a good shot to also consider looking into ZTNA. 

    Many analysts and tech people assume VPN to be replaced by ZTNA in the near future, especially in times of home office. It resolves plenty of pain points of VPN from years.
