Working remotely and using VPN has become an important part of everyday life. With XG Firewall it’s extremely easy – and free!
XG Firewall is the only firewall to offer unlimited remote access SSL or IPSec VPN connections at no additional charge.
And we’ve significantly boosted SSL VPN capacity across our entire product range in XG Firewall v18 MR3 through several optimizations.
Our new Sophos Connect v2 remote access VPN client also adds new features that make remote access faster, better and easier.
What’s new in Sophos Connect v2
- SSL VPN support for Windows
- Bulk deployment of SSL VPN configurations (as with IPSec) via an enhanced provisioning file
- Enhanced DUO token multi-factor authentication support
- Auto-connect option for SSL
- Option to execute a logon script when connecting
- Remote gateway availability probing
- Automatic failover to the next active firewall WAN link if one link fails
- Automatic synchronization of the latest user policy if the SSL policy is updated on the firewall (when using the provisioning file to deploy) as well as a manual re-synchronization of the latest policy
- File extension association for policy files – import a policy file into Sophos Connect just by double-clicking it in Windows Explorer, or opening the file attached in an email
XG Firewall v18 MR3 remote access enhancements:
- Enhanced SSL VPN connection capacity across our entire firewall lineup. The capacity increase depends on your firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-5x improvement in SSL VPN connection capacity.
- Group support for IPSec VPN connections, which now enables group imports from AD/LDAP/etc. for easy setup of group access policy.
Making the most of Sophos Connect remote access
The first decision you will want to make is whether you wish to use SSL, IPSec, or both. Then set up your firewall to accept Sophos Connect VPN connections before deploying the client and connection configuration to your users.
SSL vs IPSec
With Sophos Connect v2 now supporting SSL (on Windows) and with the enhanced SSL VPN capacity available in XG Firewall v18 MR3, we strongly encourage everyone to consider using SSL to get the best experience and performance for your remote access users.
While macOS support for SSL remote access via Sophos Connect is expected soon, we recommend any organizations using macOS take advantage of the new OpenVPN macOS client in the interim.
XG Firewall setup
SSL VPN Setup is very straightforward:
1. Follow these initial setup instructions for creating an IP address range for your clients, user group, SSL access policy, and authentication.
2. SSL VPN requires access to the XG Firewall User Portal. For optimal security, we strongly advise the use of multi-factor authentication. Set up two-factor authentication via Authentication > One-time password > Settings to ensure you’re only allowing MFA access to the user portal.
3. Create a firewall rule that enables traffic from the VPN zone to access your LAN zone (or whatever zones are desired).
Deployment of the client is equally easy:
- Client installer: The client installer is available by navigating to VPN > Sophos Connect Client on your XG Firewall. Sophos Connect documentation is available here.
- Connection configuration: The SSL VPN connection configuration (OVPN) file is accessible via the user portal, but we strongly encourage the use of a provisioning file to automatically fetch the configuration from the portal. This requires a bit more up-front effort, but greatly simplifies the deployment process and enables changes to the policy without redeploying the configuration. Review the full instructions on how to create a provisioning file with samples.
- Group Policy Management: The best way to deploy the remote access client and provisioning file is via Microsoft Group Policy Management. You will need the files mentioned in the steps above and then follow these step-by-step instructions. You can also use any other software deployment tool you have available – even email.
Monitoring active usage:
You can monitor connected remote users from the XG Firewall Control Center…
And click to drill down to get the details…
Sophos Connect resources and helpful links
XG Firewall v18 includes several performance gains that will breathe new life into your network, enabling you to handle more traffic and better secure it.
If you haven’t upgraded to XG Firewall v18 already, you’re going to want to do so as soon as possible to take advantage of the substantial performance benefits waiting for you.
What are the gains and where do they come from?
Consider these potential performance boosts available by upgrading to XG Firewall v18:
Those are some impressive performance improvements!
One of the most exciting enhancements to XG Firewall in v18 was the introduction of the new Xstream Architecture, with its all-new streaming DPI engine, advanced TLS 1.3 inspection solution, and Network Flow FastPath.
Let’s look at how the Xstream Architecture upgrades your performance:
Trusted traffic FastPath acceleration
The new Xstream Network Flow FastPath is all about performance. It directs trusted traffic that doesn’t require security scanning into a fast lane through the system. This not only minimizes latency and accelerates application traffic through the firewall, it also has the added benefit of not engaging the DPI engine for deep-packet inspection of trusted traffic.
The impact of fast-pathing is up to a 5x improvement in firewall traffic throughput! Of course, with a blend of real-world traffic mixes, not all applications qualify for trusted traffic FastPath acceleration, but if a substantial portion of your traffic can be accelerated on the FastPath, you could increase your firewall’s security scanning capacity while allowing more trusted traffic. That’s a win-win.
Be sure to see how to make the most of the Network Flow FastPath on your network to learn how this works and how to set it up optimally.
TLS inspection speed
The new Xstream TLS inspection solution also brings a tremendous boost in decrypting and inspecting encrypted traffic flows, with up to a 2x improvement in performance. And when you combine the added performance with the very granular and easy to manage TLS inspection policies, you can be sure you’re only inspecting traffic that really needs it – and now do it faster than ever.
See how to make the most of Xstream TLS Inspection on your XG Firewall.
IMIX traffic performance
Internet Mix or IMIX is an often used reference in measuring typical real-world internet network traffic performance, making it a good metric to consider when looking at performance.
The new Xstream architecture in XG Firewall v18 brings a substantial boost in performance to this important metric. On our mid-range firewall models, the gains are over 100%, with the average across the XG Series line being a 57% improvement in performance.
This is all thanks to optimizations in the packet processing flow, DPI engine, and Network Flow FastPath. It’s an incredible real-world improvement in traffic processing performance.
Other common traffic performance measurements also benefit from the Xstream architecture in v18, including raw firewall performance, IPS, AV, application control, and malware protection.
Get the latest XG Firewall brochure to see the latest performance metrics and how your XG Series model stacks up.
SSL VPN capacity
Further optimizations to our SSL engine in XG Firewall v18 MR3 bring some dramatic improvements to remote access SSL VPN capacity, with up to 6x the number of connections possible on our higher-end appliances.
Increases are more modest at the entry-level, but on a typical mid-range device like the XG 310, the capacity has tripled! This is great news for everyone managing a remote workforce these days.
Check out the other great enhancements with remote-access VPN.
If you haven’t already, upgrade to XG Firewall v18 today. It’s a free performance boost, and you get a ton of great new protection and networking features.
Be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18: