This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SSL VPN Client EOL: What does this mean for UTM?

Hello everybody,

just a few minutes ago, I've received an End-of-Life notification from Sophos regarding the EOL of the Sophos SSL VPN Client on January, 31st 2022.

According to the email, one can still use the SSL VPN after the fact, but using an EOL security product does not strike me as a good idea.

According to the email, we should replace the SSL VPN client with the "new and improved" Sophos Connect v2 client.

I'm unclear however, how to best go about this.

SOP right now for our users:

1. Open up the UTM user portal.

2. Download and install the SSL VPN client.

3. Proft.

How can I go about providing my users with the new VPN client? Is this client still OpenVPN based? Do I need to change anything about the VPN configuration of our UTM?

I'm honestly quite surprised to learn that SSL VPN is EOL, it's the first I've heard about this and January 22nd isn't really far off.

Regards,

Dominik

This thread was automatically locked due to age.

Top Replies

Sophos User5308 over 3 years ago +1

Hi, I think the SSL VPN will cease on the XG and XGS but not the UTM. As you rightly pointed out, Sophos Connect is not available to download and unless they rush out a patch to the UTM to allow that…

LuCar Toni over 3 years ago

PS: There is a valuable contribution from a member of this community with a migration script: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/128936/sophos-connect-migration-script-from-utm-sslvpn

Feel free to share feedback to his Thread, if it worked.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
oly s over 3 years ago in reply to Sophos User5308

Hi,

Gave Sophos Connect a try and was able to get it running with IPsec.
For SSL, I tried to import a working, SSLVPN file (ovpn) but was not able to connect.
Connect comes up with a policy mismatch notification.
Checking the logs, it looks like we have an issue with our UTM certificate (certificate format error in field: Validity Not After).

I wonder whether regenerating the certificate would solve that issue. However doing so, would most likely invalidate all previously issued user certificates – am I right?

Currently thinking about staying with old SSLVPN or finding a way to assure a smooth transition to Connect. Migrating to XG or a change to another solution is not planned before mid next year.
Cancel
Vote Up 0 Vote Down

Cancel
LuCar Toni over 3 years ago in reply to oly s

How old i your installation? There was a older issue with the certificate, if you did not resolve this, it could eventually come up now.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel