These are the release notes for Sophos Connect.
View the product documentation at Sophos Connect.
Sophos Connect is distributed to SFOS firewalls via pattern updates. You can download Sophos Connect for UTM at UTM Downloads.
You can now establish remote access SSL VPN connections on macOS devices using the Sophos Connect client.
We've updated the versions of the third‑party components below:
There are no resolved issues included in this version.
You can now install Sophos Connect on ARM-based Windows devices.
We now only support 64-bit versions of Windows 10 and 11.
| Issue ID | Description |
|---|---|
| NCL-2540 | Resolved an issue where IPSec connection details failed to load when the `display_name` began with a 'v', 'w', 'x', 'y' or 'z' character. |
| NCL-1826 | Resolved an issue where the "Service Unavailable" error was showing on the Sophos Connect Client. |
| NCL-1726 | Resolved an issue where IPsec VPN connections were failing to establish after users disabled IPv6 on their devices. |
Single sign-on (SSO) with Microsoft Entra ID is now available for the Sophos Connect Client on Windows devices when connecting to SFOS version 21.5 or later.
| Issue ID | Description |
|---|---|
| NCL-1703 | Resolved an issue where auto-connect failed if the upstream device sent an ICMP unreachable response. |
| NCL-1845 | Resolved an issue where Sophos Connect was stuck in a "connecting" status. |
| NCL-2054 | Resolved an issue where the connection name displayed in the Sophos Connect client could change after connecting. |
| NCL-1485 | Resolved an issue where the "gateway_order" setting didn't work. |
| NCL-2434 | Resolved an issue where some UTM9 IPsec connections failed to import. |
| NCL-2209 | Resolved an issue where the Sophos Connect client showed "Service Unavailable" if the scvpn process didn't start. |
| NCL-1400 | Resolved an issue where using the provisioning file with multiple gateways and with CAPTCHA enabled led to re-authentication. |
| NCL-2016 | We've hardened in-memory storage of sensitive information (CWE-316). |
We've completed the following upgrades:
| Issue ID | Description |
|---|---|
| NCL-1820 | Resolved an issue where IPsec users were disconnected sporadically and couldn't reconnect. |
This update resolved one issue.
| Issue ID | Description |
|---|---|
| NCL-2048 | Resolved an issue where users couldn't set up SSL VPN tunnels after disabling the VPN portal on the WAN zone. |
This update resolved one issue.
| Issue ID | Description |
|---|---|
| NCL-1720 | Resolved a vulnerability in Sophos Connect on macOS. If a user visited a malicious website, it could fetch log files and the technical support report from Sophos Connect. |
IMPORTANT:
Sophos Connect 2.3 is compatible with the following firewall and UTM versions:
This update resolved various issues.
| Issue ID | Description |
|---|---|
| NCL-1847 | Resolved an issue where Sophos Connect 2.3 installation failed with the following error: "OpenVPN service failed to start". |
| NCL-1842 | Resolved an issue where the SSL VPN connections between Sophos UTM 9.713 and Sophos Connect 2.3 didn't work. |
| NCL-1852 | Resolved an issue where Sophos Connect 2.3 failed to set up a tunnel when the certificate had a weak signature algorithm. |
IMPORTANT:
vpn_portal_port syntax to enter the VPN portal port.| Issue ID | Description |
|---|---|
| NCL-1797 | Resolved an issue where the login script didn't run. |
| NCL-1834 | Addressed the following CVEs which affect OpenVPN: 2.0 - 2.6.9. |
| NCL-1763 | Resolved an issue where authentication failed for SSL VPN in Sophos Connect 2.2.90 when the password contained two consecutive double quote characters. |
| NCL-1756 | Upgraded the OpenSSL version from 1.1.1n to 1.1.1w to address various vulnerabilities. |
| NCL-1721 | Resolved an issue where users couldn't sign into the Sophos Connect client if their username contained a space or a special character. |
| NCL-1707 | Resolved an issue when the GUI didn't show a connection as established if it was renamed. |
| NCL-1620 | Resolved an issue where the display_name field in the provisioning file wasn't working as expected. |
| NCL-1383 | Resolved an issue where the Sophos Connect client added DNS addresses to the end of the TAP adapter list instead of replacing them. |
This update resolved various vulnerabilities.
| Issue ID | Description |
|---|---|
| NCL-1699 | Resolved an XXS vulnerability in Windows SCC that occurred when renaming a connection. |
| NCL-1708 | Resolved a vulnerability in Windows where any website could easily fetch log files and the technical support report from Sophos Connect 2.2.75. |
| NCL-1725 | Resolved a vulnerability in Windows where malicious VPN files were shared on the Sophos Connect client (2.2.75). |
This is primarily a security and quality update that addresses issues in the libraries used by Sophos Connect and issues in the Sophos Connect client.
| Issue ID | Description |
|---|---|
| NCL-1635 | Security fix for CVE-2022-0778. |
| NCL-1585 | Security fix for CVE-2021-27406 in OpenVPN binary. |
| NCL-1490 | Security fix for CVE-2021-3606 in OpenVPN. |
| NCL-1667 | Security hygiene cleanup for CVE-2020-1967. |
| NCL-1622 | Resolved an issue with a GCM Cipher parsing error. |
| NCL-1399 | Resolved an issue with a random SSL authentication failure. |
| NCL-1616 | Resolved connection issues with special characters in a password. |
| NCL-1372 | Resolved connection issues with special characters in a password. |
| NCL-1319 | Resolved provisioning issues with special characters in a password. |
| NCL-1256 | Resolved provisioning issues with special characters in a password. |
| NCL-1261 | Resolved SSL authentication issues with multiple spaces in a username. |
| NCL-569 | Resolved provisioning issues with special characters in a username. |
See Sophos Connect Known Issues list for a full list of known issues with Sophos Connect.
You can establish IPsec and SSL VPN tunnels using the Sophos Connect client on some endpoint platforms and versions. Check the platform version of your endpoint to see if you can use the Sophos Connect client.
Note: Currently, the Sophos Connect client doesn't support mobile platforms for IPsec and SSL VPN. You can use the OpenVPN client app instead.
You can use the provisioning file to enable users to automatically import remote access configurations into the Sophos Connect client. Make sure you use a compatible version of the Sophos Connect client. For details, see the following tables:
| Operating system | Configuration file (.scx, .tgb) | Provisioning file (.pro) | ||
|---|---|---|---|---|
| Support | Sophos Connect version | Support | Sophos Connect version | |
| Windows (32-bit) | Yes | 1.0 to 2.4 | Yes | 2.1 to 2.4 |
| Windows (64-bit) | Yes | 1.0 and later | Yes | 2.1 and later |
| Windows (ARM) | Yes | 2.5 and later | Yes | 2.5 and later |
| macOS (Intel) | Yes | 1.0 and later | No | Not applicable |
| macOS (ARM via Rosetta2) | Yes | 1.0 and later | No | Not applicable |
Note: You can establish remote access IPsec VPN connections using the configuration file on earlier versions of the Sophos Connect client. However, if you want to use the provisioning file, you must use a later version of the client.
| Operating system | Configuration file (.ovpn) | Provisioning file (.pro) | ||
|---|---|---|---|---|
| Support | Sophos Connect version | Support | Sophos Connect version | |
| Windows (32-bit) | Yes | 2.1 to 2.4 | Yes | 2.1 to 2.4 |
| Windows (64-bit) | Yes | 2.1 and later | Yes | 2.1 and later |
| Windows (ARM) | Yes | 2.5 and later | Yes | 2.5 and later |
| macOS (Intel) | Yes | 2.0 and later | No | Not applicable |
| macOS (ARM via Rosetta2) | Yes | 2.0 and later | No | Not applicable |
For Sophos Connect 2.5 and later versions, we support the following Windows versions:
For Sophos Connect 1.0 to 2.4, we support the following Windows versions:
For Sophos Connect 2.0 and later versions, we support the following macOS versions:
For Sophos Connect 1.4 MR1, we support the following macOS versions:
You can find technical support for Sophos products in any of these ways:
Copyright © Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.