Sophos Connect VPN Timeout

Hi Wimar Aswan 

Are you using Sophos Connect Client?

Could you please share the configuration screenshot?

Hi Keyur,

Please see below. Let me know if any further information is required. Thanks.

XG210 (SFOS 18.0.0 GA-Build321)

Sophos Connect client configuration:

unfortunately this has created a very sad situation for companies like us that need to stay online for 10 hours.

When we examine different products, we see that this problem is not with them.

we expect a very urgent update on this issue.

Looking at the SC 2 EAP, I believe the plan is to allow the remote access IPsec policy to be modified or allow the SC configuration to use custom IPsec policy. This will allow the rekey/disconnection to be set as needed. In saying that, there is no ETA so it is not known when the functionality will be added.

In this difficult period of the world, employees switched from home to work model. Unfortunately, sophos users can experience this process for 4 hours.

it is very sad that we can support this difficult process.

Hello Ozgur,

You can use SSL VPN with Sophos Connect 2.0. For the SSL VPN policy on XG you can configure Key Lifetime to a larger value that you desire. Also SC 2.0 will support provisioning file, to download the SSL VPN configuration automatically and you can enforce MFA with OTP or DUO. 

Please let me know if you have any addition questions.

Regards,
Ramesh

Hi
can you share download link
I downloaded it from the link below and I didn't see any changes

community.sophos.com/.../sophos-connect-2-0-early-access

Hello Ozgur,

After you download the client, basically you can configure the client to use SSL VPN instead of IPsec. For SSL VPN you can configure the key lifetime. You can PM me and I can help you to answer any additional quesitons.

Regards,
Ramesh

Hi

unfortunately this part is not enough for me

thanks

Hello Ozgur,

I did not follow. 

Ramesh

Please advise if there is an ETA to the resolution of this issue.  Four or five hour timeouts without warning is not acceptable for users, and suggests the MFA should not yet be enabled in Sophos Connect.

I see from another thread that Sophos Connect 2.0 now allows connections to use the SSL VPN instead of Sophos Connect as a work around for this issue.  Does this suggest Sophos is moving away from Sophos Connect and adopters of Sophos Connect should move to SSL VPN instead?

Please advise if there is an ETA to the resolution of this issue.  Four or five hour timeouts without warning is not acceptable for users, and suggests the MFA should not yet be enabled in Sophos Connect.

I see from another thread that Sophos Connect 2.0 now allows connections to use the SSL VPN instead of Sophos Connect as a work around for this issue.  Does this suggest Sophos is moving away from Sophos Connect and adopters of Sophos Connect should move to SSL VPN instead?

Sophos is actually integrate SSLVPN into Sophos Connect, that Sophos Connect is able to handle both. 

This is currently possible but with limits. 

The goal is, that the User based certificated will be automatically be integrated and the admin/user does not have to do it by their own. Currently Sophos Connect 2.0 supports manual SSLVPN config import by the user and this works fine.