Sophos Xg Vpn Client Download


Pascale

Aug 4, 2024, 11:54:22 PM
to licutornai
You can download and install the authentication clients and server CAs on Windows, macOS, and Linux. The downloaded file contains the authentication client and the authentication server CA. Authentication clients use the CA to establish a TLS connection with the firewall for user authentication. Click on your operating system for download and installation instructions.

Download certificate for iOS 12 and earlier and Android client: If you have an Android or iOS 12 and earlier device, download and install this authentication server CA certificate on your mobile device. For more information about how to do this, see Use Sophos Network Agent for iOS 12 and Android devices.


If your administrator has shared a signing CA certificate with you, install the signing CA (Default CA) on your mobile device and turn on trust for the CA. For more information about how to do this, see Use Sophos Network Agent for iOS 13 devices.


Click Download Sophos Outlook Add-in to download and install the SPX add-in. The SPX add-in simplifies the encryption of messages that contain sensitive or confidential information leaving the organization. The add-in integrates seamlessly with the user's Microsoft Outlook software, making it easy for users to encrypt messages through Sophos Firewall Email Protection.


I have this challenge on my network. I installed the client authentication agent and logged in the user successfully, but after some time they are logged out and the agent disappears. It is not on the taskbar nor under Task Manager. I have to reinstall it and it WILL say this application is already installed.


Hi Jonathan,



Has CAA been installed with the rights of the end user who has logged in on the system? If yes, do those users have limited access or installation restrictions via group policy on the domain? If yes, then below is the suspected reason:



The suspected issue is that when CAA is installed by a user, it gets installed under the user's directory, and at the same time CAA installs a CA certificate under the "Trusted Root CA" directory. A restricted user may have an issue here with the installation of the CA certificate under "Trusted Root CA" due to domain policy restrictions, and on the next reboot of the system they cannot locate CAA.


Sophos Connect is not a Partner tool in that sense. So if you are using this to connect to multiple users (and some of your requirements are exactly that) you should consider OpenVPN for this work. Sophos Connect is built to be used for a customer.


You mean, I sell Sophos Firewalls to my customers and then cannot use their own product to connect to them but instead a potentially unsupported third party tool? (I know it's technically the same as the old client but that's not the point).


You could potentially do this, but it is actually quite likely dangerous to do this kind of support scenario. There are multiple reasons to actually consider changing this work approach as a Partner.


1. What happens if you are infected as a Partner? By connecting to the customer, you build a layer 2/3 connection to your customer, which grants you (in general) high privileges within the customer network. You can potentially cause a lot of harm by doing this connection. (See supply chain attack in a nutshell.)


2. VPN as remote access will likely go out of date for "how to work in the future". Potentially ZeroTrust and ZTNA products will take over in the near future for several reasons. And if the customer goes full ZT, there is no "VPN to the customer" anymore.


3. If your client gets exposed as a partner, you could potentially leak a lot of information/credentials to all your customers, as that data is likely saved on your client. This makes this kind of approach insecure as well.


There are more points to it. I am not saying you should stop this. I am simply pointing out, there are other approaches for the future to consider working towards to rebuild security and partner business.


I always compare this kind of approach to the "property security company" business. As a company you have access to multiple customers. So actually you as a Partner should rebuild and make sure nothing can happen. For example, if I hire a company to watch my building at night, I am expecting they have mechanisms to protect my building even in case "they lose the key".


You can create a Microsoft Notes database and place all passwords and credentials of all customers there and share it with other colleagues. Nobody is stopping you in doing so. But is it a bad idea? Likely yes.


Consider that you as a Security Partner have only one shot, because the customer is placing his trust in you one time. If something happens, he will likely stop business with you, which can cause a lot of damage to the overall Partner business.


As an attacker, such a partner PC, sitting in the home office, is something very valuable to attack. Because it potentially gives me access to a lot of customers with high privilege. So it saves me time and exposure by attacking customers 1 by 1.


Will it be included at some later point? Or does it use the system proxy from Windows? Couldn't get it to work, as a specific proxy is needed at the remote site to be able to reach the OpenVPN port of the XG.


We have a client with a highly locked down site. Their Sophos client workstations cannot check into the Sophos Cloud console because the default configuration restricts which websites computers can access. I need to create firewall rules to allow workstations to contact the specific URL used to communicate with Sophos Cloud. I've had no luck getting this information from Sophos' support site or knowledge base. As a result, my cloud console shows all these workstations have never checked in or contacted the cloud console.


- MCS Endpoint logs, see this KB for details on finding them. In the McsClient log you would see HTTP GET connection attempts that will give you the URL, i.e. "GET dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443"


We have some clients that are in a limbo state; they had an on-prem server and migrated to the cloud. 99% are in the cloud. A tech installed the old client on the new machines and now they are in a limbo state; we can't manage them from the new or old server.


Basically what it says on the tin. I have a client computer that self-isolated due to running malware in quarantine/cleanup error. Removed the offending .exe, updated Sophos, rebooted the PC, ran a new scan, etc.


However, despite the endpoint client not finding anything on other scans, the computer is still listed as Red Health and stuck in isolation. From reading the Community article on isolation, the only way to un-isolate a computer in this situation is to fix the health status. But since the offending file has been removed with no change in health, I'm at a bit of a loss.


You can create a new threat protection policy and assign this to the user (or use the existing policy assigned to the user) in Sophos Central, and disable the "Allow computers to isolate themselves on red health" setting in the meantime, at least while the user is working remotely. This will at least allow them to use the computer. The Computer Isolation FAQ has further information on this.


For any outstanding events that have yet to be cleared. SAVService checks the values under here periodically. Say for example a zip file is detected, it might flag it as needing manual intervention for the threat to be cleared. If you delete the zip manually, it can take a while for SAVService to sweep the values in the above key to find that the file has been removed and resolve the threat.


On one of the computers the "Sophos SSL VPN Client" works perfectly fine, but if the computer restarts and we try running it (as the icon is not showing on the task bar) we are greeted with the error "SSL VPN Client is already running". I have disabled the VPN from loading on start through Task Manager but I still get this every time. The only solution I have found is to reinstall it, but the issue comes back once the computer is restarted.


Only one computer so far has the issue. I imported the config file into OpenVPN but that did not work for me on connecting. I can always contact the people that provided me with the config file but I can't imagine they would be able to assist as it appears to be an issue outside of their control.


For that single machine you may try using OpenVPN which can be downloaded from here. So you would need to just download the configuration file and load it onto the OpenVPN client located on your system tray icon.


Under Administration - Device Access I have enabled Client Authentication on LAN zone (which is where the client is also connecting). I have also enabled AD SSO on LAN zone to see if that changes anything but it doesn't seem to make a difference.


I've read through previous discussions on this issue and have not come to a full resolution as of yet. We've had an uptick in users reporting the 'Service Unavailable' issue with their Sophos Connect clients and I'm attempting to identify the root cause. So far we've been doing the typical fix, which is ensuring the service is set to automatic start and is running. While this solves it for some, it seems to break itself again a few hours later and we find the service no longer running. I've adjusted the service to a running state on some machines, just to see it flip back to stopped a few minutes later. The full solution has been to re-install the entire Sophos Connect client, however with more users reporting this issue daily, I believe we may have something else causing the problem.


Does anyone have some more insight who may have run into a similar issue with this service in the past? Worst case is we deploy a script to ensure the service is running, but that is currently last resort as we have hundreds of clients running the Sophos Connect client.


I appreciate your timely response on this. While this seems to have resolved the issue for a few impacted clients, we are finding that there are others which this seems to only temporarily fix the problem, resulting in a re-installation for a full fix.
