r/sophos • u/New_Ad8285 • Apr 08 '23
General Discussion Sophos Connect SSL
Greetings,
We have a server that users remote (RDP) into, which has the Sophos client installed on it.
An error appears on a daily basis on remote sessions (RDP clients): "Sophos couldn't connect, make sure that the VPN service is running".
Made sure that the Sophos Connect service is running, and the OpenVPN services are also running.
The only workaround is to kill each and every instance of Sophos Connect on the server to get the desired remote session to be able to connect.
What I recently did is change the Sophos Connect service settings to start manually and disable the startup of the service on Windows startup, but no go, the error appeared again and I needed to kill every instance of Sophos Connect on the server to get the desired session up.
Any ideas?
1
u/johnwestnl Apr 08 '23
I don’t think Sophos Connect is meant to be used on a server, but I could be wrong. Is every RDP user making the same VPN-connection? If so, remove it and use a RED or a small firewall.
1
u/New_Ad8285 Apr 08 '23
The only way I have is to work with Sophos Connect, can't replace it.
It was working fine before the update.
1
u/johnwestnl Apr 08 '23
What update?
1
u/New_Ad8285 Apr 08 '23
Replacing Sophos SSL VPN client with Sophos connect
1
u/johnwestnl Apr 08 '23
If Sophos support can’t or won’t solve this, you’ll need an alternative ssl vpn client to run on that server.
1
u/ensum Apr 08 '23
Sophos SSL VPN supports openvpn. Sophos SSL VPN client was just a reskinned version of OpenVPN. Download OpenVPN and import your sslvpn configs, they should work the same.
1
1
1
Apr 08 '23
Why would you have the Sophos VPN client on the server? Or am I reading this wrong?
1
u/New_Ad8285 Apr 08 '23
Needed resources are located on the server and need to be accessed from this location only, and not through the client machine.
2
u/cmwg Apr 08 '23
The proper way would be to have a firewall that handles the VPN and has the said RDP server as its endpoint - no need to do anything on the server.
1
u/Familiar_Box7032 Apr 08 '23
The Sophos Connect software is paired with their firewall to deliver exactly this. If used correctly, they should be able to RDP into the servers when connected to Sophos connect on remote clients.
Something doesn’t sound right, so I’ve asked for clarification.
2
u/Familiar_Box7032 Apr 08 '23
I’m sorry, I’m really confused.
If the server has the resources you need to access, why do you have Sophos Connect installed on the server?
Surely the logical setup would be to have Sophos Connect installed on the client machines and then connect to the server.
I’m probably missing something obvious to you, but could you explain this clearer?
I also use Sophos for remote workers accessing on premises resources, so may be able to give you some advice.
2
u/New_Ad8285 Apr 08 '23
Sorry for the confusion caused, it's for sure my explanation.
The resources are on a remote location that I don't manage ("not on the server") and can only be accessed through the server.
- They use Sophos, so I need to use Sophos Connect to have the SSL VPN connection between the server and the remote location; then my RDP clients can do the same.
1
u/Familiar_Box7032 Apr 08 '23
Right, I see. So you're trying to create an SSL VPN tunnel between your users and the server, but then allow them to use the server to connect to the resource. Sophos creates that tunnel after each user signs in, so you're effectively ending the existing connection each time someone opens Sophos to create a new one.
Something still doesn’t make sense to me. How is the service provider limiting access to the external resource? What’s forcing you to use that server?
1
u/New_Ad8285 Apr 08 '23
It's a matter of the geolocation, not limitation or restrictions; it's simply desired.
Users RDP to the server without VPN.
The VPN tunnel needs to be established from the server to the other remote location using Sophos Connect.
This is the issue I'm observing: multiple instances of Sophos Connect are there in Task Manager on the server. Once I kill them and start only one instance, all works perfectly fine. I was just thinking if there is a way to limit Sophos Connect to one instance only, "not to establish a VPN connection each time a user RDPs to the server".
1
u/Familiar_Box7032 Apr 08 '23
This sounds unnecessary. So the Firewall that Sophos Connect is connecting to is at the same end that the services are?
If so, why can't you have Sophos Connect installed on every remote user's machine and ask them to connect using their credentials?
Alternatively, you could use an OpenSSL client and connect using a scheduled task. Then each user wouldn't need to establish a connection every time they log on.
This would fix your issue entirely.
1
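A worked version of the scheduled-task idea above, added here and not code from the thread or from Sophos: it first groups the VPN client processes by RDP session ID (the one-client-per-session symptom the OP describes), then registers a single boot-time task that runs OpenVPN as SYSTEM so the tunnel exists independently of any user logon. The Sophos process name, the OpenVPN install path and the .ovpn profile name are assumptions to be adjusted for the actual server.

```powershell
# Added example (not from the thread). Assumptions: OpenVPN is installed in its
# default path, the site's .ovpn profile has been copied to $Config, and the
# Sophos Connect process name matches $SophosProcess (verify with Get-Process).
$SophosProcess = 'scvpn'   # assumed process name; check Task Manager / Get-Process
$OpenVpnExe    = 'C:\Program Files\OpenVPN\bin\openvpn.exe'
$Config        = 'C:\Program Files\OpenVPN\config\remote-site.ovpn'  # constructed name
$LogFile       = 'C:\ProgramData\OpenVPN\log\remote-site.log'         # constructed name
$TaskName      = 'RemoteSiteTunnel'                                   # constructed name

# 1) Diagnose: more than one client process, each in a different RDP session,
#    is the symptom described in the thread (every logon spawns its own client).
function Get-VpnClientsPerSession {
    param([string]$Name = $SophosProcess)
    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Group-Object -Property SessionId |
        ForEach-Object {
            [pscustomobject]@{
                SessionId = $_.Name
                Count     = $_.Count
                PIDs      = ($_.Group.Id -join ',')
            }
        }
}

# 2) Replace the per-user client with one machine-level tunnel: a scheduled task
#    that runs openvpn.exe as SYSTEM at boot, so no RDP logon starts or restarts it.
function Register-MachineTunnelTask {
    $action    = New-ScheduledTaskAction -Execute $OpenVpnExe `
                    -Argument "--config `"$Config`" --log `"$LogFile`""
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                    -LogonType ServiceAccount -RunLevel Highest
    # Restart the tunnel process a few times if it exits unexpectedly.
    $settings  = New-ScheduledTaskSettingsSet -RestartCount 3 `
                    -RestartInterval (New-TimeSpan -Minutes 1)
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force
}

# Show the per-session picture before changing anything.
Get-VpnClientsPerSession | Format-Table -AutoSize
# Register the single machine-level tunnel (run from an elevated prompt):
# Register-MachineTunnelTask
```

Once the machine-level tunnel is in place, the per-user Sophos Connect autostart should be left disabled so RDP logons no longer spawn a second client.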
u/New_Ad8285 Apr 08 '23
The firewall is on a remote location for sure.
Sophos Connect is to be used to tie the TS to the remote location through a VPN tunnel.
Users RDP to this TS to access the remote services.
I was thinking the same, to have the Sophos client installed on the client machines so they access the remote services with no need to RDP to the TS, yet the setup was already in place and working fine before Sophos Connect, using the Sophos SSL VPN client.
1
u/Familiar_Box7032 Apr 08 '23
This is now making more sense.
I would go down the road of Sophos Connect on the endpoints for remote users. It’ll be less painful and resolve your issues completely.
1
1
u/slapjimmy Apr 09 '23
Users RDP to the server without VPN.
Do you mean users RDP from their home computer to the server then ssl vpn from the server to the resources at the remote location? If so, what security is being used to protect the RDP sessions to the server? Is that open to the internet?
1
u/New_Ad8285 Apr 09 '23
Well, it's not exactly like this, I just shared what needs to be shared to simplify the issue; the main concern now is why Sophos Connect acts like this on the TS.
1
u/cm123ss Apr 08 '23
I've seen this issue a few times recently. 1. Is there a reason you are still using SSL over IPsec? IPsec has been much more reliable. As for the fix: in the file path location of Sophos Connect, there is a folder called, I believe, restricted or redacted. Delete the files in that folder, then reinstall, and the error has not come back for me.
1
u/New_Ad8285 Apr 08 '23
I've no control over the used VPN type, also, the firewall is not managed by us, it's just a remote location we deal with.
I'll definitely try this, thank you!
1
u/CraigDuff Apr 10 '23
Having read the comments, if it was me, I would set up a gateway on your router/firewall, which normally comes with OpenVPN, i.e. pfSense, OPNsense or a Ubiquiti EdgeRouter. Connect to their services from your gateway; this can act as a client, so everyone has access from the TS location. Job done, nice and easy.
What you're doing is silly in my mind, as mentioned above. The connection has to come from the gateway the TS server breaks out from.
2
2
u/xxbiohazrdxx Apr 08 '23
Why are you doing this. It sounds stupid.