This discussion has been locked.

Sophos Connect - Does the User Portal have to be on the WAN interface for it to work?

As title suggests - we noticed that Sophos Connect only seems to work if the User Portal is enabled on the WAN interface.

This raises a point though: with MFA enabled this should be secure. However, for people who were yet to set up MFA, would they not need to first enrol by scanning a QR code? In that case, for first-time users the User Portal is effectively not secured by MFA.

So, in theory, an attacker with credentials only could then access the user portal via a web browser, log in with the credentials, then scan the QR code effectively setting up MFA.

Am I missing something here?



  • Hello,

    Do you mean the Sophos Connect Client does not establish a VPN session with your system when you do not enable the User Portal on the WAN interface?

    I never had this effect.

    Or do you mean setting up the Sophos Connect Client for users the first time?

  • Hi,

    Typically we have the User Portal available on the LAN only. In internal testing the Sophos Connect client works OK. When testing from offsite, the client fails to connect. Turning the User Portal 'ON' for the WAN Zone seems to resolve this.

    I will have to test this again later tonight to get the exact error message. If this is unexpected then perhaps I have misconfigured our test policy? If so, please may you point me in the right direction?
