SSL-VPN

Aline,

in order to force your users to connect to your corporate, you could use a NAC product or you can even use Sophos Heartbeat. Using Sophos HB, if the remote computer does not have Sophos installed in a healthy status, the computer does not have any permissions to access internal resources.

Regards

Aline,

in order to force your users to connect to your corporate, you could use a NAC product or you can even use Sophos Heartbeat. Using Sophos HB, if the remote computer does not have Sophos installed in a healthy status, the computer does not have any permissions to access internal resources.

Regards

Have a look at this thread:

https://community.sophos.com/products/xg-firewall/f/authentication/95069/is-it-possible-to-add-mac-address-filtering-to-ssl-vpn-authentication

It will not prevent its users to install Sophos and VPN on a private machine. If the user install HB, it'll work.

No ?

Hi,

I have been trying to restrict access to internal resources when connected to SSL VPN by enabling HB on the XG firewall rule. However whenever I enable the option "Minimum Source HB permitted" (either yellow or green status) - then no restrictions take effect. i.e. can still access internal resources.

When I enable the option "Block clients with no heartbeat" then all access to internal resources are denied.

I am testing this from a remote machine (at home) that has Sophos Endpoint installed. I can also see that the endpoint has a live status/checked into the Sophos Central. However this endpoint does not show up on the XG firewall Heartbeat widget.

Have you managed or heard of anyone getting this scenario to work?

Thanks,

Were you able to get this working? I am seeing the same thing. It is almost like the heartbeat does not transfer over the SSL VPN.

Hi,

there is a KBA for this setup.

https://community.sophos.com/kb/en-us/132526