{"id":2119,"date":"2020-10-20T13:31:30","date_gmt":"2020-10-20T13:31:30","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=2109"},"modified":"2020-10-23T10:31:01","modified_gmt":"2020-10-23T10:31:01","slug":"sophos-connect-v2-remote-access-vpn","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/es-es\/2020\/10\/products\/sophos-connect-v2-remote-access-vpn\/","title":{"rendered":"Sophos Connect v2 Remote Access VPN"},"content":{"rendered":"<p>Working remotely and using VPN has become an important part of everyday life. With XG Firewall it\u2019s extremely easy \u2013 and free! XG Firewall is the only firewall to offer unlimited remote access SSL or IPSec VPN connections at no additional charge. And we\u2019ve <a href=\"https:\/\/support.sophos.com\/support\/s\/article\/KB-000039345?language=en_US\" target=\"_blank\" rel=\"noopener noreferrer\">significantly boosted SSL VPN capacity<\/a> across our entire product range in XG Firewall v18 MR3 through several optimizaitons.<\/p>\n<p>Our new Sophos Connect v2 remote access VPN client also add new features that make remote access faster, better and easier.<\/p>\n<figure id=\"attachment_2115\" aria-describedby=\"caption-attachment-2115\" style=\"width: 500px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2115 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-1.png\" alt=\"\" width=\"500\" height=\"309\" \/><figcaption id=\"caption-attachment-2115\" class=\"wp-caption-text\">Sophos Connect v2 makes remote access VPN easy and fast!<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><strong>What\u2019s New:<\/strong><\/p>\n<p>Sophos Connect v2<\/p>\n<ul>\n<li>SSL VPN support for Windows<\/li>\n<li>Bulk deployment of SSL VPN configurations (as with IPSec) via an enhanced provisioning file\n<ul>\n<li>Enhanced DUO token multi-factor authentication support<\/li>\n<li>Auto-Connect option for SSL<\/li>\n<li>Option to execute a logon script when connecting<\/li>\n<li>Remote gateway availability probing<\/li>\n<\/ul>\n<\/li>\n<li>Automatic failover to the next active firewall WAN link if one link fails<\/li>\n<li>Automatic synchronization of the latest user policy if the SSL policy is updated on the firewall (when using the provisioning file to deploy) as well as a manual re-synchronization of the latest policy<\/li>\n<li>File extension association for policy files \u2013 import a policy file into Sophos Connect just by double-clicking it in Windows Explorer, or opening the file attached in an email<\/li>\n<\/ul>\n<p>XG Firewall v18 MR3 Remote Access Enhancements:<\/p>\n<ul>\n<li>Enhanced SSL VPN connection capacity across our entire firewall line up. The capacity increase depends on your Firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-5x improvement in SSL VPN connection capacity.<\/li>\n<li>Group support for IPSec VPN connections which now enables group imports from AD\/LDAP\/etc. for easy setup of group access policy.<\/li>\n<\/ul>\n<p><strong>Making the Most of Sophos Connect Remote Access<\/strong><\/p>\n<p>The first decision you will want to make is whether you wish to use SSL, IPSec, or both. Then setup your Firewall to accept Sophos Connect VPN connections before deploying the client and connection configuration to your users.<\/p>\n<p><strong>SSL vs IPSec<\/strong><\/p>\n<p>With Sophos Connect v2 now supporting SSL (on Windows) and with the enhanced SSL VPN capacity available in XG Firewall v18 MR3, we strongly encourage everyone to consider using SSL to get the best experience and performance for your remote access users.<\/p>\n<p>While macOS support for SSL remote access via Sophos Connect is expected soon, we recommend any organizations using macOS take advantage of the new <a href=\"https:\/\/openvpn.net\/download-open-vpn\/\" target=\"_blank\" rel=\"noopener noreferrer\">OpenVPN macOS client<\/a> in the interim.<\/p>\n<p><strong>XG Firewall Setup<\/strong><\/p>\n<p>SSL VPN Setup is very straightforward:<\/p>\n<ol>\n<li>Follow these initial <a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/18.0\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/learningContent\/VPNCreateRemoteAccessSSLVPN.html\" target=\"_blank\" rel=\"noopener noreferrer\">setup instructions<\/a> for creating an IP address range for your clients, user group, SSL access policy, and authentication.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2116\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-2.png\" alt=\"\" width=\"640\" height=\"163\" \/><\/li>\n<li>SSL VPN requires access to the XG Firewall User Portal. For optimal security, we strongly advise the use of multi-factor authentication. <a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/17.5\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/learningContents\/ConfiguringTwoFactorAuthentication.html\" target=\"_blank\" rel=\"noopener noreferrer\">Setup two-factor authentication<\/a> via Authentication &gt; One-time password &gt; Settings to ensure you\u2019re only allowing MFA access to the user portal.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2117\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-3.png\" alt=\"\" width=\"640\" height=\"304\" \/><\/li>\n<li>Create a firewall rule that enables traffic from the VPN zone to access your LAN zone (or whatever zones are desired).<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2118\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-4.png\" alt=\"\" width=\"640\" height=\"38\" \/><\/li>\n<\/ol>\n<p><strong>Deployment of the client is equally easy:<\/strong><\/p>\n<ol>\n<li>Client Installer: The client installer is available by navigating to VPN &gt; Sophos Connect Client on your XG Firewall. <a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-connect\/help\/en-us\/PDF\/scon_h.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos Connect documentation<\/a> is available here.<\/li>\n<li>Connection Configuration: The SSL VPN connection configuration (OVPN) file is accessible via the User Portal, but we strongly encourage the use of a provisioning file to automatically fetch the configuration from the portal. This requires a bit more up-front effort, but greatly simplifies the deployment process and enables changes to the policy without redeploying the configuration. <a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/18.0\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/concepts\/SConProvisioningFile.html\" target=\"_blank\" rel=\"noopener noreferrer\">Review the full instructions<\/a> on how to create a provisioning file with samples.<\/li>\n<li>Group Policy Management: The best way to deploy the remote access client and provisioning file is via Microsoft Group Policy Management. You will need the files mentioned in the steps above and then Follow these <a href=\"https:\/\/support.sophos.com\/support\/s\/article\/KB-000038630?language=en_US\" target=\"_blank\" rel=\"noopener noreferrer\">step-by-step instructions<\/a>. You can also use any other software deployment tool you have available \u2013 even email.<\/li>\n<\/ol>\n<p><strong>Monitoring Active Usage:<\/strong><\/p>\n<p>You can monitor connected remote users from the XG Firewall control center\u2026<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2119\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-5.png\" alt=\"\" width=\"640\" height=\"221\" \/><\/p>\n<p>And click to drill-down to get the details\u2026<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2120\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/sophos-connect-v2-6.png\" alt=\"\" width=\"640\" height=\"173\" \/><\/p>\n<p><strong>Sophos Connect Resources and Helpful Links<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-connect\/help\/en-us\/PDF\/scon_h.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos Connect Client Documentation<\/a><\/li>\n<li><a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/18.0\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/learningContent\/VPNCreateRemoteAccessSSLVPN.html\" target=\"_blank\" rel=\"noopener noreferrer\">XG Firewall SSL Remote Access Setup Documentation<\/a><\/li>\n<li><a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/18.0\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/concepts\/SConProvisioningFile.html\" target=\"_blank\" rel=\"noopener noreferrer\">Provisioning File Documentation<\/a><\/li>\n<li><a href=\"https:\/\/docs.sophos.com\/nsg\/sophos-firewall\/18.0\/Help\/en-us\/webhelp\/onlinehelp\/nsg\/sfos\/concepts\/VPNSophosConnectClient.html\" target=\"_blank\" rel=\"noopener noreferrer\">XG Firewall IPSec Remote Access Setup Documentation<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Working remotely and using VPN has become an important part of everyday life. With XG Firewall it\u2019s extremely easy \u2013 and free! XG Firewall is the only firewall to offer unlimited remote access SSL or IPSec VPN connections at no [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":3000001634,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[72],"tags":[84,25],"coauthors":[42],"class_list":["post-2119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-vpn","tag-xg-firewall"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/07\/featured-image-xg-firewall-v18-1600x-960-horizontal.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/posts\/2119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/comments?post=2119"}],"version-history":[{"count":1,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/posts\/2119\/revisions"}],"predecessor-version":[{"id":2133,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/posts\/2119\/revisions\/2133"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/media?parent=2119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/categories?post=2119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/tags?post=2119"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/es-es\/wp-json\/wp\/v2\/coauthors?post=2119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}