SSL VPN user configurations
Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'
Lets imagine that an admin has to ask\wait his user login portal, just to get the configuration file. That's unhappy situation and I don't want to fall into this.
Gunter Hauser commented
As it is in UTM, we need to download SSL Configuration for multiple Users. We deply the configruation by DSM Tool. We don't want to allow user to install SSL Client on any client device. Only company owned devices should have the SSL-VPN Configuration to connect to our environment. Customisation of User Portal is also needed (hide client download). This features are available at Sophos UTM for many years and versions. It should be easy to implement this features also in XG firewall.
Rather drop whole per user configuration mess and use shared certificate so that it can be deployed to multiple machines.
As most are using some 2 face authentication this should not be security issue.
As many have pointed out XG is not enterprise or even SMB ready with current SSL VPN solution.
Alex Vincer commented
A Sophos manager shared with me that users can download their .ovpn file from the Client Portal once they're logged in by clicking "SSL VPN > Download Configuration for other OSs", which solves the original issue that I had with users needing local Administrator membership to complete the installation. However, allowing administrators to view and download those .ovpn files on the behalf of users would be nice, too, so please keep this idea alive!
Alex Vincer commented
This is critical - I have 71 users, and none of them are members of the local administrators group, which the downloaded configuration file requires in order to install. I can get as far as deploying the VPN client as an administrator, but when I need to require all of my users to download their own configuration file and it prompts them for administrator credentials, I'm sunk!
Clayton Dillard commented
This is a very important feature to add. It helps out tremendously when deploying more than a few VPN clients.