
VPN before login with IPsec client 11.02

Hi everyone :)

This is a pre-sales question in fact (I hope this is the correct place to ask it).

In my org we're considering buying an SG UTM, but we're concerned about missing a feature that we need: we must establish VPN sessions on Windows clients before the user logon.

I've been told that this can be achieved via IPsec client v11.02, but that version is rather new and I'm unable to get proper information about it.

On other vendors' products, their VPN clients integrate with Windows logon, so a user can mark a checkbox on the Windows login screen in order to use the same credentials entered for login to establish a prior VPN session. They can even use a different set of credentials for the VPN than for the Windows login.

https://goo.gl/images/uC8k5B

Can anybody confirm for me exactly how the Sophos IPsec v11.02 client deals with this issue?

Thanks in advance.



  • Hi, Juan, and welcome to the UTM Community!

    This is a question for your reseller.  The IPsec client had this functionality in the past, but it was removed over five years ago.  Whether it's back in there or not, I don't know.  It is definitely possible to do what you want with the SSL VPN and L2TP/IPsec remote access methods.

    Cheers - Bob

  • Hi Bob, thanks for your reply :)

    Yes, I've requested information from our reseller, and it seems as if it'd be possible to do it right now with the new version of the IPsec client (v11.02), but the only thing that I've been able to find about it is a kind of short announcement of the capabilities of that version (https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-ipsec-whatsnew-en.pdf?la=en).

    I'm seeking further explanation and, of course, direct feedback from someone who is currently using it would be great. ;)

    I know indeed that it's possible to do it using a different approach, but we don't feel very comfortable writing VPN access passwords in plain text files, which seems to be needed in order to make it work (https://community.sophos.com/kb/hu-hu/119781). Furthermore, distributing (and managing) such files on laptops looks to me like a non-recommended practice.

    I do really appreciate any kind of information that somebody could give us. It's actually a key point in our decision to purchase from Sophos or from other vendors.

    - Juan -

  • Hi Juan,

    Welcome to the Sophos Community. Yes, the feature is included in the IPsec v11.02. Alongside, it is also supported in the SSL VPN scenario as mentioned in the referred KBA. Interestingly, I never did this with an SSL VPN and that makes me greedy to test it in my labs.

    Please contact us for any further assistance, we will be happy to help.

    Thanks for choosing Sophos.

  • Thanks for your reply Sachin.

    It's good to hear that we're on the right path :)

    Could you please provide me with more details about it?

    As I've mentioned before, we haven't got any more information than the announcement PDF, which is extremely brief, explaining only that there'll be two additional connection modes supported (always & variable).

    We're particularly interested in knowing exactly how it works: deployment requirements, user experience...

    Is it necessary to deploy the client with pre-configured static credentials in order to automatically establish the connection (as the referred SSL VPN method seems to do)? If it is, are the credentials stored encrypted in any way?

    On the other hand, can the users use their own credentials in a similar way as other vendors' products do (establishing the VPN session & logon in a single action)? (https://goo.gl/UOuPfi)

    I'm asking this because it's far easier & safer for us to deploy a standard instance of the IPsec client (without stored credentials) and let the user credentials authenticate both for the pre-logon connection to the remote network and later for the login itself.

    - Juan -

  • Hi Juan,

    To get a better overview on this, you can request a POC of the scenario and the pre-sale representative can help you deploy the requirement. A practical deployment and trial will be more satisfying.

    Thanks
