How to configure the new Sophos Connect VPN in 17.5

So far I have found the documentation lacking for setting up the new VPN client that comes with 17.5. Specifically in regards to the internal and external ID and what that's for. I am also wondering about the IP range. Does it create the DHCP pool automatically?

It would be great if there was a walkthrough on setup or if there were any more details. But I can't find any.



  • I have that rule in place to allow access to the different VLANs for the SSL VPN; I assumed that same VPN rule was being used by Client Connect.

  • Grab the updated installer; v1.1 came out last night.

     

    https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sophos-connect-1-1-released

     

    Also for those wanting to restrict access to certain subnets / networks you can do this by modifying the TGB file with the admin tool.

    LuCar Toni Linked it earlier:

     

    https://community.sophos.com/kb/en-us/133109

     

    I did this and then pushed the Sophos Connect MSI and TGB file out via PDQ to all my VPN users. So far it's been solid.

    I find it easier to manage than SSL-VPN due to the certificate per user issue.

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • Little sneak peek.. Check out the installation directory on Windows. There is something called sccli.exe

    Open this with Cmd --help :) 

  • Hmmmmm.....

     

    add options:
    -f, --file PATH Adds the connection from the specified path.
    -d, --data Send the file data instead of the file path.
    -n, --name NAME The user-friendly name of the connection. If this option
    is omitted, the name will be determined automatically.
    -a, --auto Automatically enable the connection. (TBD)
    -V, --verbose Show verbose messages.
    -H, --help Show help for the add command.

    * The add command will fail in environments where policy does not allow
    unmanaged connections to be used.
    * If the add command is successful, the connection's name will be written to
    the command line. This name is used in other command line options.
    * If the auto option is omitted, the connection may still automatically be
    enabled based on the settings in the connection file.

    Sophos XG 450 (SFOS 18.5.1 MR-1)

    Sophos R.E.D 50 x 2

    Always configuring new stuff.....

  • Thanks for this. Mine was made that way also, just with PSK, but nonetheless, the same.

     

    Haven't had the time to fiddle with it until today, so installed the new version, and boom, it all worked :-D

     

    Hooray and merry x-mas ;)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • Have added DC as DNS IP, I can ping the DC on IP, but not resolve domains. Have any of you got internal DNS working?

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • I configured Sophos Connect on my XG, downloaded client and installed. I can't even make a connection. I see "Connection may fail because IKE UDP Port seems to be blocked". It does seem like my XG has ports 500 and 4500 closed. I have no firewall rule configured for Sophos Connect - didn't think one was needed but perhaps that's another documentation shortfall. Any advice will be appreciated.

    Thanks!

  • I'm also having the same issue with IKE UDP port being blocked. What's the best solution to this? Opening up those two ports?

  • Hi,

    Is there an upstream router on the WAN interface? Use the admin tool and load the configuration. Please verify the FQDN or IP address of the host.

     

    best regards
    Detlef

  • This will require some troubleshooting to determine where along the path to the gateway (XG) UDP port 500 is blocked. The scvpn.log file will provide some additional details. The log file can be found in c:\program files (x86)\sophos\connect on Windows and /var/log on Mac OS. Please post that file here so it can help me to determine the problem.