SSL-Site-to-Site-VPN uses the same IP pool as SSL-Remote-VPN. This leads to problems if the UTM acts as an SSL-Site-to-Site-VPN-Master and at the same time as an SSL-Remote-VPN-Master.
By using the same pool, packets from the respective VPN systems are routed incorrectly. For example, packets from the remote VPN can be routed to peers in the Site 2 site tunnel.

If I have to disconnect SSL VPN User Sessions, it would be fine, when I have a button.

if you have one time password (OTP) turned on and you reach key lifetime which by default is 8 hours the VPN kicks you out because it tries to re-authenticate with the old OTP password - new versions of openvpn have fixed this - a work around is to adjust the key lifetime which decreases security

Customer is requesting to have restriction for the machine to log in on remote access vpn if it do not have any sophos agent installed on it. For your assistance please

I'd be nice if you would include WireGuard in your suite of server-side VPN protocols in your UTM line.

When clients connect via the SSL Remote Access VPN, you should have the option to assign IP Addresses via an internal DHCP server and not only from the UTM Virtual IP Pool. This is currently available with PPTP and L2TP over IPsec but not with SSL VPN. Companies need to have more control over the IP addresses and leases assigned to clients that connect via the SSL VPN.

Hi, Please include generate email notification alert for Remote Access VPN option in Sophos UTM 9. This help us to know who and where they connect.

Please block Star VPN. It is connecting on the user machines and they can browse freely.
Thanks

Currently, the Amazon VPC setup does not support the new Transit Gateway in AWS. When you attempt to import via config file or secret key it errors out with a Regex error.

I went up the whole chain of premium support and the GES Engineer let me know it currently isn't supported.

As Transit Gateway is the future of Inter VPC & S2S networking this would be nice to have supported.

i am getting a lot of rouge traffic trying to connect to my SSL VPN - black listing and white listing IP's, IP ranges or ISP's would be good

i know that it's secure and chances are they will never get in - though all the extra protection helps and if a flaw was ever found in openvpn this would help

Sophos connect with Radius does not support automatic user creation. This causes an issues with new accounts as we have to wait for the next prefetch cycle before they can be used.

It would be extremely useful to add the possibility to assign a static IP address to clients connecting with VPN SSL. It works with IPsec and L2TP but not with SSL. With a static IP address for each user, we would be able to allow them a specific acces to internal ressources. Thanks.

We have setup the Sophos UTM from the AWS Marketplace (ver 9.603). We have configured it with MFA access so that when we connect using the VPN clients we need to provide our MFA code. We need to do this every time we connect which can be a bit of a hassle for our VPN users. I would be great if sophos supports session timeouts when connecting with MFA which would allow reconnects within a timeout without having to enter MFA again.

Related support post: https://community.sophos.com/products/unified-threat-management/f/general-discussion/114185/sopohos-utm-mfa-session-timeout/409858#409858

We have a large number of VPN users and not a day goes by when I don't get an email from a user claiming they got a new phone and need a new QR code and also they forgot their password so could I just go ahead and reset their account for them? Life would be simpler if there was a Forgot Password option where it would send them a password reset link. The process would also delete their OTP Tokens so they would get a new QR code after resetting their password.

Would like to see support for IKEv2 in AWS appliance.

Currently there is a limit of 50 configs in OpenVPN GUI.
There are already prereleases of the original OpenVPN GUI which remove those limit and add nested configurations.

I would like to see that in Sophos UTM SSL VPN Client too.

Microsoft have been working on their Intune Solution which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors by Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which will allow us to be able to configure VPN's via this. If using Autopilot in the future too a VPN maybe required if not in the office and this same configuration is used.