Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 5811 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

application control openvpn selection breaking sophos xg vpn client installation

onward

is there a way to continue blocking openvpn in a sophos central application control policy without breaking the sophos ssl vpn 2.1 clients published from an xg?  getting "use of application openvpn blocked by your administrator" during installation attempts with that selected in the policy.



This thread was automatically locked due to age.
Parents
  • 0

    Hello deployed,

    Try creating a group for your XG users in Sophos Central, and setting a different Application control policy for them (otherwise, please clarify what are you requesting exactly).

    Log in to Central
    Go to Overview--->Endpoint Protection Dashboard--->Policies
    Locate the Base policy for Application Control
    Click on it
    Use the top right button "Clone" to make a new policy.
    Change the settings as needed, include the groups/users you'd like to add to it
    Ensure Policy Bypass is ticked (so that the policy is enforced)
    Be sure to Save your changes (top right).
    Test functionality for the selected users.

    Here are some additional steps regarding how to create/edit policies in Sophos Central. 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    Thanks for the response.  The goal of the application control is to ensure our employees can only run the Sophos vpn client we provide and not any other vpn client.  The problem is that when openvpn is selected in Central's application control policy the Sophos ssl vpn client downloaded from the XG user portal is blocked.  If openvpn is no longer blocked in the policy that opens up the possibility of a user being able to run another openvpn client variant.   I think there needs to be some distinction made in the Central policy for the Sophos client vs generic openvpn or other openvpn variants.

  • 0 in reply to onward

    Hi deployed,

    Per our documentation 

    Installing the SSL VPN client software on Windows
    Run the downloaded SSL VPN client.

    Note: If you have an application control software, make sure to unblock OpenVPN and SSL VPN Client for Windows in order for the installation to be successful

    To submit an idea/feedback, please click here 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Reply Children
No Data
Unfiltered HTML