Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 11723 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Clients

ViciousMagician1116

Are there any 3rd party clients that work with the XG?  We were trying to use the L2TP VPN built into windows which works but we have run into a bug presumably with Dead Peer Detection not working (Have an active support case for this)  So I was looking at the SSL client while it may connect and work it leaves a lot to be desired as the client side of things.  Seems very unpolished when moving from the Cisco AnyConnect client. 

 

I tried to download the CyberRoam ssl client as it looked from screenshots to be a bit nicer on the UI but I couldn't import a config since the XG only gives the text file and not a archive file.

I couldn't find any sort of ipsec client to try out. 



This thread was automatically locked due to age.
  • +1

    ViciousMagician1116,

    you can use SSL VPN Client, which must be download from User Portal from the Appliance. You cannot download cyberoam ssl client, because it is not compatible and also the certificate is missing. SSL VPN Client works like a charm on Windows. Thanks to :

    https://community.sophos.com/products/xg-firewall/f/initial-setup/88341/how-to-install-and-login-the-ssl-vpn-client-for-windows-10

    Take note that XG supported "unlimited" SSL VPN clients (until the HW is running out of resources). The other option is to use Sophos IPSec client (sold separately), whre the features are:

    • Authentication: Pre-Shared Key (PSK), PKI (X.509), Smartcards, Token and XAUTH
    • Encryption: AES (128/192/256), DES, 3DES (112/168), Blowfish, RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5 and SHA-256/384/512
    • Intelligent split-tunneling for optimum traffic routing
    • NAT-traversal support
    • Client-monitor for graphical overview of connection status
    • Multilingual: German, English, and French

    Regards

  • 0 in reply to lferrara

    Thanks.  We may have a look at the ipsec client.  I was just playing with the OpenVPN client which has the ability to let users save the password which would make them happier. 

  • 0 in reply to ViciousMagician1116

    I think a good way to get a VPN connection to XG will also be:
    - configure SSL VPN for users on XG,
    - download the configuration for Andriod / iOS from the XG portal,
    - download and install the OpenVPN Client GUI  ("install-openvpn-2.4.2-I601" or higher),
    - copy the configuration file downloaded from the portal to the "config" directory of the OpenVPN client,
    - launch the OpenVPN Client GUI and connect the SSL VPN channel (login user).

    Regards
    Jan

  • 0 in reply to JanSadlik

    We would like to pre-setup new users' computers with the SSL VPN client but cannot login as them to download their personalized config. Is there a way around this? Also, these users do not have admin rights so they cannot install the client or config themselves anyway. How are other people doing this???