This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SSL VPN Client EOL: What does this mean for UTM?

Hello everybody,

just a few minutes ago, I've received an End-of-Life notification from Sophos regarding the EOL of the Sophos SSL VPN Client on January, 31st 2022.

According to the email, one can still use the SSL VPN after the fact, but using an EOL security product does not strike me as a good idea.

According to the email, we should replace the SSL VPN client with the "new and improved" Sophos Connect v2 client.

I'm unclear however, how to best go about this.

SOP right now for our users:

1. Open up the UTM user portal.

2. Download and install the SSL VPN client.

3. Proft.

How can I go about providing my users with the new VPN client? Is this client still OpenVPN based? Do I need to change anything about the VPN configuration of our UTM?

I'm honestly quite surprised to learn that SSL VPN is EOL, it's the first I've heard about this and January 22nd isn't really far off.

Regards,

Dominik



This thread was automatically locked due to age.
Parents
  • Hi,

    I think the SSL VPN will cease on the XG and XGS but not the UTM. As you rightly pointed out, Sophos Connect is not available to download and unless they rush out a patch to the UTM to allow that then how can they expect to pull the plug from the UTM? It does state that it will continue to work so you'll be ok for the moment but need to plan to migrate them away from the SSL VPN. Whether this means OpenVPN software and you download the .ovpn config file from the user portal instead could be the case.

    I'm quite surprised at the sudden announcement myself but UTM is slowly being wound down, its old technology and although I love the layout/configuration, the XG/XGS are the way Sophos are going and we can't stop that.

    My advice is plan now to replace UTM with the XGS, the sooner the better to avoid sudden announcements like this causing headaches.

  • Hi,

    Gave Sophos Connect a try and was able to get it running with IPsec.
    For SSL, I tried to import a working, SSLVPN file (ovpn) but was not able to connect.
    Connect comes up with a policy mismatch notification.
    Checking the logs, it looks like we have an issue with our UTM certificate (certificate format error in field: Validity Not After).

    I wonder whether regenerating the certificate would solve that issue. However doing so, would most likely invalidate all previously issued user certificates – am I right?

    Currently thinking about staying with old SSLVPN or finding a way to assure a smooth transition to Connect. Migrating to XG or a change to another solution is not planned before mid next year.

  • How old i your installation? There was a older issue with the certificate, if you did not resolve this, it could eventually come up now. 

    __________________________________________________________________________________________________________________

Reply
  • How old i your installation? There was a older issue with the certificate, if you did not resolve this, it could eventually come up now. 

    __________________________________________________________________________________________________________________

Children
No Data