Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 4888 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Private key missing in VPN config file

MichaelSchneider

Hello,

since a long time, the openPVN configuration is no longer spread in 3 files, but in a single file that also contains the certificates. As long as I am SuperAdmin on Sophos, I can also download the configuration files for the VPN users completely. A restricted user on Sophos, who only has read rights due to an assigned role, gets the configuration without the private key in the configuration file. Our PC support should be able to download this data completely but not have full rights on the firewall. As a VPN user, I also get the complete configuration file in the portal. Bug or feature?

Michael



This thread was automatically locked due to age.
Parents
  • 0

    Hi Michael,

    Not a Bug nor a feature, I see it as a security behavior. I would like to learn why should a ReadOnly User get access to a Private Key for the Users? However, what happens if you create a new custom profile, in Management | Web Admin Settings | Access control | New; create a new Role and select Remote Access Manager rights. Assign this role to the PC support Users and let us know if it works. 

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi Michael,

    Not a Bug nor a feature, I see it as a security behavior. I would like to learn why should a ReadOnly User get access to a Private Key for the Users? However, what happens if you create a new custom profile, in Management | Web Admin Settings | Access control | New; create a new Role and select Remote Access Manager rights. Assign this role to the PC support Users and let us know if it works. 

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?