
Use Legacy SSL VPN Client with XG Firewall

Hello

I'm planning a migration from UTM to XG.

As I saw on https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContent/VPNCreateRemoteAccessSSLVPN.html , users can connect with a legacy client.

Does this mean our users are still able to connect with their SSL VPN client from UTM?
Of course, they have to download a new config file from the User Portal after we did the migration, but they don't need to install the new Sophos Connect software.

Am I right?

Greets,
b00d



  • No, that is not possible. The reason is, you cannot migrate the user certificates to XG Firewall. Therefore the certificates are invalid and are dropped. 

    What you can do: Use a script to uninstall the SSLVPN client and install Sophos Connect. Then roll out one provisioning file to all clients in the same script. Users can then use the new client to connect to Sophos Firewall.

    I made a script for this: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/128936/sophos-connect-migration-script-from-utm-sslvpn

  • Hmm, I couldn't believe that, because all certificates are stored in the .ovpn file.

    So I created a test environment, and the result is that users can still connect to XG Firewall using the SSL VPN client from UTM.

    They just need to download a new configuration / .ovpn file (as I wrote in my first post when asking).
    No Sophos Connect or other new software is needed.

  • If you download a new .ovpn file, you basically have a new certificate. Therefore you basically roll out a new user?

    I assumed you were talking about the old certificate / config files. This is not possible. But the client (the installer) is the same.

  • Think we have to define "new user" ;)

    For my company it's still the same user, because we're using Active Directory sync.
    But of course, for the SSL VPN client it's like a new user after the XG migration, because he needs new certificates.

    As long as the user can connect to the XG User Portal after migration and download the config file by himself, migration is much easier for us, because we don't need to coordinate the roll-out of new software to all clients.
    That's why I asked.
