Somehow I missed getting the EOL notices for SSLVPN and only saw the information this past week when looking at FW 9.710-1 upgrade . I'm having my end-users, log into the present portal (9.709-3), download their .OVPN config, uninstall 2.1 and then install Connect v2 and import their profile. I assume this is "kosher" and no changes are actually needed on the UTM side?
I'm planning on upgrading the FW to the 9.710-1 on two SG units this weekend and I know that the old client will work with the new FW; however, is there a way to stop the old client from working with the new FW ( I was going to give them a week to migrate over to C v2), or even throw a warning about the use of an older client when they connect?
Clients should work as they have before, with either client. The new Connect software won't install with the old client still installed and error out, but other than that, should be okay. It will throw an error when installing Connect if SSLVPN is installed.
Quick and dirty notifications - you can use the welcome message on the User Portal page to notify them if your license is current (Management > User Portal, then Advanced tab - but this would only show when they log into User Portal). You can also use AD GPO to push a notice to remote access users if you want to go there, or there is a script I believe that might work for you, if you are inclined to use it to install: Sophos Connect Migration script from UTM SSLVPN - Recommended Reads - Sophos Firewall - Sophos Community
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5