Security of Sophos Connect VPN Client

As a SOPHOS Firewall Administrator, I have downloaded and installed SOPHOS Connect Client on a laptop to be given to an employee, and also imported the connection, then entered the username and password and successfully connected to VPN. 'Auto-Connect' has also been enabled for this connection.

After handing over the laptop to an employee, can the employee do any of the following:

1. Export the entire SOPHOS Connect Client from the given laptop, along with connection and authentication information, to any other laptop/desktop (without intervention of the SOPHOS Firewall Administrator), and be able to connect to VPN from that new laptop/desktop

2. Export only the connection and authentication information (without intervention of the SOPHOS Firewall Administrator) to any other laptop/desktop where a SOPHOS Connect Client is already installed, so that the user can connect to VPN using this connection from that new laptop/desktop

3. If a connection is set for 'Auto-Connect', can it be revoked? Also, if a connection is set for 'Auto-Connect', can the user view the 'user ID and Password'?

This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi  

    Thank you for reaching out to the Community!

    Answer to questions 1 and 2: The user can't export the entire Sophos Connect client, connection, and authentication information to any other laptop/desktop. "Once the Sophos Connect client imports, the connection is encrypted and is no longer accessible for the user to view the configuration file. So if the configuration file is pushed via GPO, the user would not have access to open and view the txt file."

    3. If the connection is set for Auto-Connect, you can't revoke the connection. Still, you can remove the user from the Allowed users from the connect client configuration to prevent the user. The Sophos Connect client will not show the password for the user, but you can see the user ID from the logs.

    Thanks,

  • Another important point about Security would be Synchronized Security. As the Sophos Connect Client is able to push Heartbeat to the XG Firewall, you could install Sophos Endpoint (Intercept X) and allow access only via Managed Devices.

    So your firewall will deny every request coming from a client that does not have a healthy or managed status.

    So "IF" the user was able to copy-paste something from his work device, it is still not possible to communicate through XG to your own network.

  • Is Intercept X free for all users of Sophos Connect now?
