Thank you to the many thousands of users who used Sophos Connect 2.0 during EAP! I'm pleased to announce that testing is complete, and we are now ready to launch Sophos Connect 2.0:
The client can be downloaded below, and it will also be released via pattern update to XG firewalls later today.
The main focus of this release is adding support for SSL VPN, while making it possible to bulk-deploy SSL VPN as easily as you can Sophos Connect v1.
Hi Alan, the pattern update is not visible yet in NL. Any idea?
Has the ability to customize the OTP re-prompt timer on the IPSec client been added?
auto_connect_host is how the client can determine if it is home or away. It will first compare the auto_connect_host value to the DHCP DNS suffix. If that matches, then it is home, and won't try to connect. Otherwise, if it can ping the hostname or IP, then it will also consider itself to be local, and not attempt to connect. Otherwise, if it can't ping it, and it doesn't match the DNS suffix supplied by DHCP, then it will attempt to connect.
check_remote_availability checks all IP addresses and hostnames supplied in the ovpn configuration, and removes those that cannot be reached from its connection profiling. So if some are private internal IPs, then this option can in some cases speed up the connection process.
run_logon_script works only in AD environments, and on connect, will attempt to trigger configured AD logon scripts to be run. Without this option, AD logon scripts typically will not run on connect.
Hi Ajay, IPsec can only connect to one gateway. That's an XG limit in the way the feature is implemented. SSL VPN will attempt to connect to any connection available. You can specify order in the provisioning file. The gateway_order parameter has three options. "distributed" will choose a gateway at random, then connect to that gateway address as long as it is available. If it is no longer available, then it will randomly select another gateway. "latency" will measure the connection time to each gateway, and prefer the closest gateway. The latency is measured by a connection attempt, and not a simple ping. Assuming that many connections to a single gateway will result in higher latency, then this might be the best option for you to try.
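A model of the two gateway_order behaviours described in the reply above, added here as an illustration; it is not Sophos code and not part of the thread. The function names, the TCP-connect probe and the gateway names and port are assumptions made for the example, and only the two options the reply describes are modelled.

```python
import random
import socket
import time

def tcp_connect_time(host, port, timeout=2.0):
    """Seconds needed to complete a TCP connect, or None if unreachable.
    Assumption: a TCP handshake stands in for the client's 'connection attempt'."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None

def pick_gateway(gateways, mode, current=None, probe=tcp_connect_time, rng=random):
    """Return the (host, port) gateway to use, or None if none is reachable."""
    if mode == "distributed":
        # Stay on the current gateway for as long as it is still available.
        if current is not None and probe(*current) is not None:
            return current
        # Otherwise select another gateway at random and take the first that answers.
        candidates = [gw for gw in gateways if gw != current]
        rng.shuffle(candidates)
        for gw in candidates:
            if probe(*gw) is not None:
                return gw
        return None
    if mode == "latency":
        # Time a connection attempt to every gateway and prefer the quickest.
        timings = {gw: probe(*gw) for gw in gateways}
        reachable = [gw for gw in gateways if timings[gw] is not None]
        return min(reachable, key=timings.get) if reachable else None
    raise ValueError("only 'distributed' and 'latency' are modelled here")

if __name__ == "__main__":
    # Constructed sample data: connect times in seconds, None = no answer.
    sample = {("gw-a.example", 8443): 0.120,
              ("gw-b.example", 8443): 0.035,
              ("gw-c.example", 8443): None}
    fake_probe = lambda host, port: sample[(host, port)]
    print(pick_gateway(list(sample), "latency", probe=fake_probe))
    print(pick_gateway(list(sample), "distributed", probe=fake_probe))
```

Passing a fake `probe` keeps the demo offline; with the default probe the same call times real connection attempts, so a gateway that answers ping but is slow to accept connections ranks lower.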