That can´t be true!
We are using VPN SSL and of course all Users using normal password policy including SPECIAL Characters such as "#,$,%, [Space]. Authentication through ADS.
With the old Sophos SSL VPN Client it works but NOT with the "New" Sophos Connect. According to the last UTM Update using the old client is not recommeded so you should use Sophos Connect which DON´T accept Special Characters!!! This is an enourmouse security Issue!
After two ours I finally found that thread who described:
https://community.sophos.com/sophos-xg-firewall/f/discussions/132533/sophos-connect-ssl-vpn/493344?focus=true
Now what? Should I now tell my employees that they shouldn't use special characters and go back to using "normal" passwords? This can not be it! Since it runs via the Active Directory, the password there is also insecure.
Good that I noticed it now during the test. If I had installed Sophos Connect for all 80 users (the old one will be uninstalled) I would have a huge problem now.
I cannot use Sophos Connect with this error.
So please Sophos: Update Sophos Connect so that it uses special char!
This thread was automatically locked due to age.
