Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This Recommended Read is in the Beta stage scripting and includes the following.
- Backup the old "ovpn" configuration from SG UTM SSL VPN
- Removes old SG UTM client
- Installs Sophos Connect
- Imports the old configuration into Sophos Connect, so users are still able to connect to UTM
- Installs a provisioning file for the coming Sophos Firewall so that migration will be easier
The script has been tested and working. Implementation in Test Environment is highly recommended before proceeding to Production side,
@echo off IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof REM Remove the old client REM Kill running programs, preventing uninstall taskkill /im openvpn* /F timeout 2 REM Backup the OVPN config file rem rmdir "c:\!vpn" /s /q mkdir c:\!vpn copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\ REM Use uninstaller to remove the client cd\Program Files (x86)\Sophos\Sophos SSL VPN Client Uninstall.exe /S timeout 10 REM Do folder cleanup - if not, Sophos Connect refuse to install cd\ rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q SET Sophos_Connect=Sophos\Connect\scvpn IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL exit /b 0 :X86_PROG IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL exit /b 0 :INSTALL msiexec.exe /i "\\server\share\SophosConnect.msi" /QN timeout 5 REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place. REM Userportal on SF must be accessible and with a valid certificate! copy /Y "\\server\share\xgsslvpn.pro" "C:\Program Files (x86)\Sophos\Connect\Import\" REM Deploying old SSLVPN for UTM copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\" Popd REM Start Gui - tray icon. start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe" :eof END && EXIT
[
    {  
        "gateway": "fw01.domain.dk", 
        "user_portal_port": 4445, 
        "otp": false, 
        "auto_connect_host": "", 
        "can_save_credentials": true, 
        "check_remote_availability": false, 
        "run_logon_script": false 
    } 
]
Attached are the bat file and the provisioning file
Let me hear your thoughts :-)
Updated Disclaimer
[edited by: Erick Jan at 1:37 PM (GMT -7) on 17 Apr 2023]
 
				 
		 
					