Force Microsoft NCSI probe as SSL VPN Connects
(For Sophos Tech Support, this is from the back of #9887121)
I was asked by Sophos Support Rep to post a feature request.
We have seen with a large amount of our customers an issue arise whereby Sophos SSL VPN (OpenVPN) connects to the Sophos XG fine. With Sophos XG having "Default Gateway" checked for the SSL VPN users a default route is established as we expect.
However, it cant take a while for Microsoft NCSI to complete it's probe to check if there is internet access. While the VPN interface is in "NoTraffic" or "No network access" mode, before the Microsoft NCSI probe occurs, Sophos AV will refuse to update.
The "idea" is either; remove the the need for Sophos AV to "check" for the internet access using it's current method and just "try" to update anyway. Or; Force the SSL VPN Client software to force a Microsoft NCSI probe after the VPN has been established to get the virtual NIC into "Internet" mode as quickly as possible.