Sophos Connect is our free remote-access VPN client designed specifically to enable remote workers to access your XG Firewall protected network from anywhere. And Sophos Connect 2.0 now includes many new features that you can start taking advantage of right away.
You should also know that as a licensed XG Firewall customer, there’s no extra charge for remote-access VPN connections – you can utilize as many as you want (up to your firewall’s capacity) to support your remote workforce – included for free as part of your base license.
What’s new in Sophos Connect 2.0
The early access program for Sophos Connect 2.0 is now underway, adding support for SSL VPN on Windows as well as a number of other enhancements.
- SSL VPN support for Windows
- Bulk deployment of SSL and/or IPSec VPN configurations via an enhanced provisioning file
- The same convenient deployment as in Sophos Connect v1 for IPSec
- Support for one-time-passwords (OTP)
- Improved DUO multi-factor-authentication (MFA) support (when connecting to XG Firewall v18)
- Auto-Connect option
- Option to execute a logon script when connecting
- Remote gateway availability probing
- Automatic synchronization of the latest user policy if the SSL policy is updated on the firewall (when using the provisioning file to deploy) as well as a manual re-synchronization of the latest policy
- Automatic failover to next firewall WAN link if one link fails
- File extension association for policy files – import a policy file into Sophos Connect just by double-clicking it in Windows Explorer, or opening the file attached in an email
Getting started
Head on over to the XG Firewall Community to get started with the early access program. There are full details on all the changes, instructions on how to use the new provisioning file, and the download itself. Full instructions are also available online.
SSL vs IPSec
With Sophos Connect 2 now supporting both SSL and IPSec VPN technologies, you might be wondering about the pros and cons of each and which one you should use.
In general, SSL VPN, which can work over port 443 just like any encrypted website connection, will present fewer obstacles and work from more varied locations such as public WiFi hotspots and hotel networks.
IPSec is typically more efficient but uses UDP ports 500 and 4500 which can often result in connections being blocked by 3rd party firewalls. If the user has full control over their firewall or router, and can open these ports, then they will find IPSec offers more predictable performance.
One of the great new benefits of Sophos Connect 2 is that you can now offer both with a single client, but we encourage you to take advantage of the new SSL VPN capability for the added flexibility it offers.
Igor Andrade
Good morning, would you know which OTP is supported? What if RSA SecurID is already supported for this new vpn connection?
Igor Andrade
Good morning, would you know to tell me which authentication methods using OTPs please?
And if RSA SecurID is already supported.
Thanks
Chris McCormack
XG supports integration with most MFA vendors using RADIUS. RSA SecureID, Duo, and others… they work with both XG Firewall and Sophos Connect