
Sophos UTM9 Remote access SSL VPN Certificates

I'm new to setting up VPNs and I am tasked with setting up Sophos UTM9 Remote Access SSL VPN, but they would like Sophos to require a certificate installed on the client's machine in order to be able to install the VPN client and then connect into the office. Is there any way to do this?



  • Hello Ibrahim,

    and at first welcome to the community.

    I'm not sure that I understand your question. Sophos uses the OpenVPN client. It uses certificates to connect. Why have a certificate installed on the machine? To have access over VPN, the users have to download the personalized VPN client over the user portal. Therefore they must log in. Only users that are in a VPN group see the option to download the VPN client.
    If the user were hacked, the company just needs to delete him/her from the VPN group. After that, he/she will be dropped on connect.

  • Well, we want to prevent users from using their personal machines to use the VPN client; the goal is to ensure that the users don't log onto the user portal, download the VPN client and install it on their personal machines. I know I can disable the Remote Access tab from the user portal so that users don't have the option to download it, but we would also like to avoid the possibility of a third-party download and install.

  • There's really no way to do this, Ibrahim, unless you disable all VPN downloads. Even then, it's easy enough for a knowledgeable person to install the regular OpenVPN client and copy the configuration & certificate files from their company-owned device.

    I know that in Ideas somewhere, there's a feature request for the ability to prevent someone from connecting via VPN unless certain applications are active on the device they're using. You might find that and vote and comment on it.

    Cheers - Bob
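Both replies above make the same point from two sides: the client certificate can be copied to any machine, so the control that actually holds is the server-side check that the presenting user is still in the VPN group, applied at every connect. The script below is an added illustration of that check for a plain OpenVPN server and is not Sophos UTM code or OpenVPN project code; it is written as an OpenVPN `tls-verify` hook (the server option that runs a command for each certificate in the chain with the chain depth and the subject as arguments, rejecting the connection on a non-zero exit). The allow-list path `/etc/openvpn/vpn-group.txt` is a hypothetical name for a file generated from the directory group, and the allow-list contents in the comments are constructed.

```python
"""Allow-list check for an OpenVPN ``tls-verify`` hook (illustrative, not UTM code).

OpenVPN invokes the ``tls-verify`` command once per certificate in the chain,
passing two arguments: the depth (0 = the client's own certificate) and the
subject as a single line.  A non-zero exit status rejects the handshake.
CA certificates (depth > 0) are accepted here because OpenVPN has already
checked their signatures; the depth-0 certificate is accepted only if its CN
is listed in the allow-list file, so a user removed from the file is refused
at the next connect even though a copied certificate is still cryptographically
valid.
"""
import re
import sys

# Hypothetical path: one CN per line, '#' starts a comment, e.g.
#   alice
#   carol   # still in the VPN group
ALLOWED_USERS_FILE = "/etc/openvpn/vpn-group.txt"


def parse_subject(subject):
    """Return a dict of attributes from an OpenVPN subject string.

    Accepts both the one-line "CN=alice, O=Example" form and the older
    "/C=US/O=Example/CN=alice" slash-separated form.  Attribute values that
    themselves contain a comma or slash are not handled.
    """
    parts = re.split(r"\s*,\s*|/", subject.strip())
    attrs = {}
    for part in parts:
        if "=" in part:
            key, _, value = part.partition("=")
            attrs[key.strip().upper()] = value.strip()
    return attrs


def load_allowed_users(lines):
    """Build the allow-list set from the file's lines, ignoring comments and blanks."""
    allowed = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            allowed.add(line)
    return allowed


def verify(depth, subject, allowed):
    """Return True if the certificate at this chain depth should be accepted."""
    if depth > 0:
        return True  # CA or intermediate: signature already verified by OpenVPN
    cn = parse_subject(subject).get("CN")
    return cn is not None and cn in allowed


def main(argv):
    if len(argv) != 3:
        print("usage: tls-verify <depth> <subject>", file=sys.stderr)
        return 2
    depth = int(argv[1])
    subject = argv[2]
    try:
        with open(ALLOWED_USERS_FILE) as fh:
            allowed = load_allowed_users(fh)
    except OSError as exc:
        # Fail closed: an unreadable allow-list must not let everyone in.
        print(f"tls-verify: cannot read allow-list: {exc}", file=sys.stderr)
        return 1
    ok = verify(depth, subject, allowed)
    if not ok:
        print(f"tls-verify: rejecting depth {depth} subject {subject!r}", file=sys.stderr)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On a server configured with `tls-verify /etc/openvpn/tls-verify.py` (and `script-security 2`), this gives the "dropped on connect" behaviour the first reply describes: membership is decided by the list, not by possession of the certificate file. It complements, rather than replaces, revoking the user's certificate via `crl-verify`, which is what closes the gap for a certificate that has already been copied off the company device.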