Sophos Firewall: When will SSL VPN users need to re-download the configuration

Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

This Recommended Read shows you how to determine which changes under the SSL VPN global settings will require a user to re-download the configuration.

Pre-requisites

An established SSL VPN and Sophos Connect are needed. Kindly see below:

  • Established Configuration of SSL VPN Remote Access.

See the reference:

Configure remote access SSL VPN with Sophos Connect client

  • Established Configuration for Sophos Connect Client

See reference:

Editing SSL GLOBAL VPN Settings

Go to CONFIGURE > Remote Access VPN > SSL VPN tab > SSL VPN global settings.

Changes to the following settings will require the user to “re-download” the configuration.

SSL VPN Settings

  • Protocol
  • SSL Server Certificate

*Override hostname

Note: "Override hostname" depends on your firewall hostname and on whether you change your public IP or use DDNS.

Cryptographic Settings

  • Encryption Algorithm
  • Authentication Algorithm
  • Key Size
  • Key Lifetime

*A changed "Key lifetime" will cause the connection to “drop and reconnect” at a different time than the admin and the firewall expect. Therefore, it’s recommended to re-download the configuration.

Changes to the following settings will cause a “disruption/disconnection” of the VPN, as marked by the yellow box.
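
As an added example (not Sophos code): a Python check that compares a user's saved client profile with a freshly downloaded one and lists which of the re-download settings above differ. It assumes the profile is an OpenVPN-style text file and that the directive-to-setting mapping shown is correct; both profiles are constructed, and inline certificate blocks are skipped.

```python
# Assumed mapping from OpenVPN-style directives to the setting names on this page.
REDOWNLOAD_DIRECTIVES = {
    "proto": "Protocol",
    "remote": "Override hostname",
    "cipher": "Encryption Algorithm",
    "auth": "Authentication Algorithm",
    "keysize": "Key Size",
    "reneg-sec": "Key Lifetime",
}

def parse_profile(text):
    """Return {directive: value} for the tracked single-line directives."""
    found, in_block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                      # inside <ca>...</ca> and similar blocks
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        if line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
            continue
        parts = line.split()
        if parts[0] in REDOWNLOAD_DIRECTIVES:
            # For "remote", keep only the host; the port is not compared here.
            only_host = parts[0] == "remote" and len(parts) > 1
            found[parts[0]] = parts[1] if only_host else " ".join(parts[1:])
    return found

def stale_settings(client_text, current_text):
    """Setting names whose values differ between the two profiles."""
    old, new = parse_profile(client_text), parse_profile(current_text)
    return sorted(name for d, name in REDOWNLOAD_DIRECTIVES.items()
                  if old.get(d) != new.get(d))

# Constructed sample profiles (hostname, ports and values are placeholders).
TEMPLATE = ("client\ndev tun\nproto {proto}\nremote vpn.example.com {port}\n"
            "cipher {cipher}\nauth SHA256\nreneg-sec {reneg}\n"
            "<ca>\nconstructed-placeholder\n</ca>\n")
CLIENT_PROFILE = TEMPLATE.format(proto="tcp", port=8443, cipher="AES-128-CBC", reneg=28800)
CURRENT_PROFILE = TEMPLATE.format(proto="udp", port=443, cipher="AES-256-CBC", reneg=3600)

if __name__ == "__main__":
    changed = stale_settings(CLIENT_PROFILE, CURRENT_PROFILE)
    print("Re-download needed:" if changed else "Profile is current.", ", ".join(changed))
```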

  • Override hostname
  • Port
  • DNS
  • Assign IPv4 Addresses
  • Assign IPv6 Addresses
  • Lease mode
  • Use static IP Addresses
  • IPv4 DNS
  • IPv4 WINS
  • Domain name
  • Disconnect dead peer after
  • Disconnect idle peer after

Advanced Settings

  • Compress SSL VPN Traffic

Debug Settings

Changing this setting won’t cause a restart and won’t require a re-download of the configuration.

  • Enable debug mode

SSL VPN General Settings

Changes under Remote Access VPN > SSL VPN > SSL VPN Profile Name > General Settings, Identity, and Tunnel Access won’t cause any disconnection or require the configuration to be re-downloaded. However, any changes here will take effect only once the user has disconnected and reconnected.



Re-upload screenshot
[edited by: Erick Jan at 7:26 AM (GMT -8) on 14 Feb 2023]