Sophos Firewall Configuring SSL VPN for Remote Access


Product Version: 1
Document date: October 2014

Contents

1 Introduction
2 Configuring Sophos Firewall
  2.1 Defining a User Account
  2.2 Configuring Advanced SSL Settings
  2.3 Creating the Network Policy
3 Configuring the Remote Client
  3.1 Getting SSL VPN Client Software
  3.2 Installing the SSL VPN Client Software
  3.3 Connecting to the VPN
4 Technical support
5 Legal notices

1 Introduction

This guide describes step by step how to configure remote access on Sophos Firewall using the Secure Sockets Layer (SSL) protocol. The SSL remote access feature in Sophos Firewall provides two-factor authentication, securing the remote connection using X.509 certificates (have) and username/password (know). Sophos' SSL VPN establishes an encrypted tunnel to provide secure access to company resources through TCP port 443.

The system administrator configures the Sophos Firewall to allow remote access and enables the User Portal of the Sophos Firewall for the remote access users. The User Portal offers the free Sophos SSL VPN Client software, including the configuration and necessary keys, and this configuration guide. Login data for the User Portal should be provided by the system administrator or could be the user's AD credentials.

The SSL VPN Client is available for Microsoft Windows XP, Vista, 7, 8/8.1 and 10 operating systems.

2 Configuring Sophos Firewall

Sophos Firewall is configured via the web-based WebAdmin configuration tool from the administration PC. Opening and using this configuration tool is extensively described in the Sophos Firewall administration guide.

2.1 Defining a User Account

We start by creating a user account to allow access to the User Portal and to establish a VPN connection.

1. Open Objects > Identity > Users.

2. Click on [image]. The Create New User dialog opens.

3. Enter the following information:

   Username: This will be the User Login for the User Portal
   Name: The User's full name
   Description: (optional)
   Password: Create a Password for the new User and Confirm
   User Type: Select User
   Email: Enter the User's e-mail address
   Group: Select a group for the User; if no Groups have been defined yet, use Open Group
   Policies: Select the appropriate Surfing Quota, Access Time, Network Traffic and Traffic Shaping settings
   SSL VPN Policy: Open the drop-down menu of Remote Access and select Create new

   General Settings: Name the Policy (e.g. SSL Remote Access). Give a Description (optional).
   Identity: Click on Add New Item, select the Users Group and click Apply.
   Tunnel Access: Switch Use as Default Gateway to on if the User should use the VPN tunnel as Default Gateway. For Permitted Network Resources, use Add New Item to select all ports that should be available to the Remote Access User.
   Idle Timeout: By default, Remote Access Clients get disconnected after an idle time of 15 minutes. Idle Timeout can be deactivated or the allowed idle time can be changed.

2.2 Check Authentication Services for VPN

Navigate to System > Authentication > Authentication Services. Scroll down to VPN (IPsec/L2TP/PPTP) Authentication Methods. The Local Authentication should already have been added automatically. If an external Authentication Server is used, it should be added and confirmed by clicking Apply.

2.3 Check the allowed Zones for SSL VPN

Navigate to System > Administration > Device Access. Make sure all needed Zones are activated for SSL VPN.

2.4 Configuring Advanced SSL Settings

Open System > VPN > SSL VPN Settings.

SSL VPN Settings

   Protocol: TCP/UDP (select UDP for better performance)
   SSL Server Certificate: The ApplianceCertificate is selected by default. Other certificates can be added and used (e.g. Local CA, Public CA).
   Override Hostname: By default the gateway's hostname is used. Only enter a hostname if the gateway has to be reached through a different hostname from the WAN.
   IPv4 Lease Range / IPv6 Lease: Enter an IP range to be used by VPN clients.
   Lease Mode: Select whether VPN Users get IPv4 only or IPv4 and IPv6 addresses.
   IPv4 DNS, IPv4 WINS, Domain Name: Optional settings; if unconfigured, the gateway's settings apply.
   Disconnect dead peer after Seconds (60-1800): Set a time to consider a dead peer as disconnected (180 seconds by default).
   Disconnect idle peer after Minutes (15-60): Set a time to disconnect an idle peer (15 minutes by default).

Cryptographic Settings

   Encryption Algorithm: By default AES-128-CBC; also available are DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC and BF-CBC.
   Authentication Algorithm: By default SHA2 256; also available are SHA1 (should be avoided), SHA2 384, SHA2 512 and MD5.
   Key Size: By default 2048 bit; 1024 bit is also available.
   Key Lifetime: By default 28800 seconds (8 hours).
   Compression Settings: By default this is checked to enhance performance on slow connections.
   Debug Settings: By default unchecked; only check if the SSL VPN needs debugging.
   Apply: To confirm all changes.
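The algorithm choices in the table above end up in the client profile that users download from the User Portal. The following Python check is an added example, not part of the Sophos guide: it audits an OpenVPN-style profile for the weaker options the table lists (DES-EDE3-CBC, BF-CBC, SHA1, MD5) and for a rekey interval beyond the 28800-second default. It assumes the exported profile uses the standard OpenVPN cipher, auth and reneg-sec directives; the sample profile and host name are constructed.

```python
# Added example: audit an OpenVPN-style client profile against the guide's table.
# Assumes the exported profile uses the standard cipher, auth and reneg-sec directives.
WEAK_CIPHERS = {"DES-EDE3-CBC", "BF-CBC"}   # 64-bit block ciphers in the table
WEAK_DIGESTS = {"SHA1", "MD5"}              # digests in the table to avoid
DEFAULT_KEY_LIFETIME = 28800                # seconds, the guide's default

# Constructed sample profile; host name and contents are placeholders.
SAMPLE_PROFILE = """\
client
remote vpn.example.com 443
cipher BF-CBC
auth SHA1
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

def parse_profile(text):
    """Return {directive: args} for the first occurrence of each directive."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):        # end of an inline <ca>/<cert>/<key> block
            in_block = False
        elif line.startswith("<"):       # start of an inline block: skip its body
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name.lower(), args)
    return directives

def audit_profile(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    d, findings = parse_profile(text), []
    for name, weak in (("cipher", WEAK_CIPHERS), ("auth", WEAK_DIGESTS)):
        args = d.get(name)
        if not args:
            findings.append(f"{name}: not pinned in the profile, client default applies")
            continue
        value = args[0].upper().replace("SHA-", "SHA")
        if value in weak:
            findings.append(f"{name} {value}: weak option, choose a stronger one")
    reneg = (d.get("reneg-sec") or [""])[0]
    if reneg.isdigit() and (int(reneg) == 0 or int(reneg) > DEFAULT_KEY_LIFETIME):
        findings.append(f"reneg-sec {reneg}: rekeying disabled or slower than default")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

Run it over each exported profile after changing the Cryptographic Settings to confirm that clients actually receive the intended algorithms.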

2.5 Creating a Network Policy

1. Defining a Network Policy: Navigate to Policies and click Add New Rule. Select User / Network Rule.
2. Select Bottom and enter a name for the Rule, e.g. SSL VPN Masquerading, and a Description (optional).
3. Click Add New Item and select the VPN-Users-Group or Users, then apply.

4. Add items by clicking on Add New Item and selecting the appropriate Sources, then apply. For Zone select WAN and for Networks Any, since VPN-Users might access from various Networks. Select Services available to VPN-Users, usually Any. Add a schedule if a User is only allowed to VPN at certain times.
5. Click on Add New Item and select the Zone(s) and Network(s) VPN-Users are allowed to access.
6. Select Accept and activate Rewrite source address and keep the default settings.

8. Activation of Malware Scanning is optional, but recommended.
9. Applying Policies is optional.
10. Logging should be activated for troubleshooting and monitoring purposes. Secure Heartbeat configuration is optional.
11. Save the New Policy.

3 Configuring the Remote Client

On the remote client you have to download the Sophos SSL VPN Client software including configuration data from the UTM User Portal. Then you install the software package on your computer.

3.1 Download the SSL VPN Client Software

The Sophos Firewall User Portal is available to all remote access users. The portal offers downloads, guides and tools for users. To access the User Portal, navigate to the Sophos Firewall's IP address or hostname using a web browser; in a standard configuration the User Portal is reachable through HTTPS / port 443.

The SSL VPN client supports most business applications such as native Outlook, native Windows file sharing, and many more. The Configuration for Windows is needed in case of a config change to the SSL policy. Furthermore, other OS can be configured using an OpenVPN config file. Android and iOS configurations are available as well.

1. Start your browser and open the User Portal.
   Start your browser and enter the management address of the User Portal as follows: https://ip address (example: https://218.93.117.220). A security note will be displayed. Accept the security note. Depending on the browser, click I Understand the Risks > Add Exception > Confirm Security Exception (Mozilla Firefox), or Proceed Anyway (Google Chrome), or Continue to this website (Microsoft Internet Explorer/Edge).

2. Log in to the User Portal.
   Enter your credentials:
   Username: Your username, which you received from the administrator.
   Password: Your password, which you received from the administrator.
   Please note that passwords are case-sensitive. Click Login.

3. Navigate to SSL VPN.
   Download the SSL VPN Client for Windows or the needed configuration files for other OS.

3.2 Installing the SSL VPN Client Software

The setup program will check the hardware of the system, and then install the necessary software on your PC.

1. Start the installation.
   Open a file browser and go to the location of the installation file setup.exe. Launch the file from this directory. The installation wizard should start up now. Click Next to proceed.

2. Accept the software license agreement.
   If you agree to the terms of the license, click I Agree.

3. Choose the install location.
   Click Browse, select the appropriate directory, and click OK.

4. Click Install to proceed.
   The installation wizard will copy the necessary files to your system.

5. Confirm the warning message.
   The setup routine creates a virtual network card for the SSL VPN access. The drivers are not Microsoft certified but are safe to install. Select Install to allow the driver installation.

6. When the installation is completed, click on Next.

7. End the installation process by clicking Finish.
   The SSL VPN client is started automatically and is shown in the task bar as a [image].

Then the SSL VPN icon will be displayed in your task bar. Further information is usually available from the network administrator.

3.3 Connecting to the VPN

Start the VPN authentication by clicking on the traffic light symbol in your Windows task bar.

Log in by using the same credentials valid for your User Portal.

The traffic light will change from red (disconnected) to red and amber (negotiating/connecting). As soon as the traffic light changes to green, the SSL VPN connection is established.

4 Technical support

You can find technical support for Sophos products in any of these ways:

Visit the SophosTalk forum at http://community.sophos.com/ and search for other users who are experiencing the same problem.
Visit the Sophos support knowledgebase at http://www.sophos.com/support/.
Download the product documentation at http://www.sophos.com/support/docs/.
Send an email to support@sophos.com, including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages.

5 Legal notices

Copyright 1996-2014 Sophos Group. All rights reserved. SafeGuard is a registered trademark of Sophos Group. Sophos is a registered trademark of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Limited Warranty

No guarantee is given for the correctness of the information contained in this document. Please send any comments or corrections to nsg-docu@sophos.com.