Google Workspace Add-ons now generally available in Google Docs, Sheets, and Slides

Quick Summary 

Google Workspace Add-ons are now available for Google Docs, Sheets, and Slides. Google Workspace Add-ons are already available for Calendar, Gmail, and Google Drive.

Google Workspace Add-ons allow you to use third-party applications within Google Workspace, helping you get work done faster without switching from one app to another. 

Organizations can also create add-ons using Apps Script or alternative runtimes — use the Google Workspace Developer guide for add-ons to learn more about building add-ons. 

Getting started 

Rollout pace 

Availability 

  • Available to Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education, Enterprise for Education, and Nonprofits customers and users with personal accounts.  

Resources 



Net Universe offers all Google devices with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/google.
You can visit our Shop Online

 

LockBit uses automated attack tools to identify tasty targets – Sophos News

Earlier this year, we analyzed the inner workings of LockBit, a ransomware family that emerged a year ago and quickly became another player in the targeted extortion business alongside Maze and REvil. LockBit has been quickly maturing, as we observed in April, using some novel ways to escalate privileges by bypassing Windows User Account Control (UAC).

A series of recent attacks detected by Sophos provided us with the opportunity to dive deeper into LockBit’s tools, techniques and practices. The actors behind the ransomware use a number of methods to evade detection: calling scripts from a remote Google document, and using renamed copies of PowerShell.exe to establish a persistent backdoor in a way that may foil some efforts at monitoring and logging. The attack scripts also attempt to bypass Windows 10’s built-in anti-malware interface, directly applying patches to it in memory. Internally, we’ve referred to this style of LockBit attack as “PSRename.”

Based on some artifacts, we believe that some components of the attack were based on PowerShell Empire, the PowerShell-based penetration testing post-exploitation tool. Using a series of heavily obfuscated scripts controlled by a remote backend, the PowerShell scripts collect valuable intelligence about targeted networks before unleashing the LockBit ransomware, checking for signs of malware protection, firewalls and forensic sandboxes as well as very specific types of business software—particularly, point-of-sale systems and tax accounting software. The series of attack scripts only deploys ransomware if the fingerprint of the target matches attractive targets.

Aside from the initial point of compromise and registry key entries, these attacks left little in the way of a file footprint for forensic analysis. The ransomware was pulled down by scripts and loaded directly into memory, and then executed. And the attackers did a thorough cleanup of logs and supporting files when the attack was executed.

These highly automated attacks were fast—once the ransomware attack was launched in earnest, LockBit ransomware was executed across the targeted network within 5 minutes, leveraging Windows administrative tools.

Layers of obfuscation

The organizations hit in the eight attacks we analyzed were smaller organizations with only partial malware protection deployed. None of them had public Internet facing systems on their networks, though one had an older firewall with ports open for remote administration by HTTP and HTTPS.

It’s not clear what the initial compromise was across these organizations, as we had no visibility into the event. But it appears all of the activity in the attack we analyzed here was initiated from a single compromised server within the network, used as the “mothership” for the LockBit attack.

While analyzing one of the attacks, we found traces of a number of PowerShell scripts that were launched against systems that had malware protection in place. The scripts gave a clear picture of the degree of automation of the attack, and also demonstrated the lengths the LockBit operators had gone to make forensic analysis of their attacks as difficult as possible.

In the first stage of the attack, a PowerShell script connects to a Google Docs spreadsheet, retrieving a PowerShell script encoded in Base64 from the body of the spreadsheet.

The code is hidden in cell B1 of this Google Sheets document.

The script fetches the contents of cell B1 in the sheet and executes it. The retrieved script makes a copy of PowerShell in the system’s TMP folder, and executes Base64-encoded contents with that copy:

The code concealed in the Google Sheets document’s cell, with Base64-encoded content.
The contents of the encoded section.

Decoding the script reveals it uses a System.Net.ServicePointManager object to create a session connecting to hxxps://142[.]91.170.6, downloading yet another stream of encoded script. This much larger chunk of code contains a function that creates a persistent backdoor. Using a template, the function selects a new name and path to create copies of PowerShell.exe and the Microsoft Scripting Host mshta.exe, as well as fictional agent descriptions to make them look like other legitimate processes.  It also creates a Task Scheduler manifest file that uses the renamed executables, scheduling a VBscript command to be executed by the scripting host that invokes the backdoor with the renamed PowerShell executable:

We also found the LockBit attackers use another form of persistent backdoor, using an LNK file dropped into Windows’ startup commands folder. The LNK file launches Microsoft Scripting Host, to run a VBScript, which in turn executes a PowerShell script to read data stored in the link file itself encoded in Base64.
The extra LNK bytes decode to yet another encoded chunk of PowerShell, decoded below:

PowerShell code stored in the end of the LNK file used by Lockbit to create a persistent backdoor.

The script connects to the remote server and pulls down the backdoor script as a stream, then executes the downloaded script with the command line interpreter.
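A detection-side illustration of the renamed-binary technique described in this section, as an added example that is not from the Sophos report: it flags process-creation events where the file name on disk no longer matches the name recorded in the binary's version resource, and decodes any Base64 `-EncodedCommand` argument for triage. Field names follow Sysmon Event ID 1 (Image, OriginalFileName, CommandLine); the sample events, paths, file names and script text are constructed.

```python
import base64
import ntpath
import re

# Version-resource names of the binaries the article says were copied under new names.
WATCHED_ORIGINALS = {"powershell.exe", "mshta.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...) and -ec.
ENC_FLAG = re.compile(
    r"(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/]{16,}={0,2})", re.IGNORECASE
)


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand script text, or None if absent/invalid."""
    for flag, blob in ENC_FLAG.findall(command_line):
        flag = flag.lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # e.g. -ExecutionPolicy is not an encoded-command flag
        try:
            # PowerShell encodes the script as UTF-16LE before Base64.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
    return None


def analyze(event):
    """Return a list of (finding, detail) tuples for one process-creation event."""
    findings = []
    image_name = ntpath.basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    if original in WATCHED_ORIGINALS and image_name != original:
        findings.append(
            ("renamed_binary", f"{image_name} has OriginalFileName {original}")
        )
    if original == "powershell.exe":
        decoded = decode_encoded_command(event.get("CommandLine", ""))
        if decoded is not None:
            findings.append(("encoded_command", decoded))
    return findings


def triage(events):
    """Return (image path, findings) for every event with at least one finding."""
    hits = []
    for event in events:
        findings = analyze(event)
        if findings:
            hits.append((event["Image"], findings))
    return hits


# Constructed sample data: a harmless script, encoded the way PowerShell expects.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {   # ordinary administrative use of the real binary
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "OriginalFileName": "PowerShell.EXE",
        "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    },
    {   # copy of PowerShell under a new name in a temp folder, encoded command
        "Image": r"C:\Users\alice\AppData\Local\Temp\svcupd.exe",
        "OriginalFileName": "PowerShell.EXE",
        "CommandLine": "svcupd.exe -w hidden -enc " + SAMPLE_B64,
    },
    {   # copy of the scripting host under a new name
        "Image": r"C:\ProgramData\Contoso\agentsvc.exe",
        "OriginalFileName": "MSHTA.EXE",
        "CommandLine": "agentsvc.exe <constructed placeholder>",
    },
    {   # unrelated process
        "Image": r"C:\Windows\System32\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "CommandLine": "notepad.exe",
    },
]

if __name__ == "__main__":
    for image, findings in triage(SAMPLE_EVENTS):
        print(image)
        for kind, detail in findings:
            print(f"  {kind}: {detail}")
```

The comparison relies on the version resource rather than the file name, so it still matches when the copy is given a new name and path.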

Empire building

The backdoor stub downloads more obfuscated code, establishing a proxy connection to the command and control server, and creating a web request to pull down more PowerShell code. One of the modules downloaded is a collection of functions used to perform reconnaissance on the targeted system and to disable some of its anti-malware capabilities.

One of the functions in the module aims to disable Microsoft Windows’ Antimalware Scan Interface (AMSI) provider by changing its code in memory. The backdoor uses a script to load a Base64-encoded DLL into memory, and then executes PowerShell code that invokes C# code calling the DLL’s methods to patch the copy of the AMSI library already in kernel memory. This code is repeated in another module discovered during our analysis:

A portion of the script used by LockBit actors to attempt to “patch” AMSI.

Another module downloaded by the backdoor checks for anti-malware software and artifacts that indicate it is running on a virtual machine, but also checks for software that may indicate the system is of greater value—using a regular expression to look for tax accounting and point-of-sale software, specific web browsers, and other software:

VM detection function in the scripts downloaded by the LockBit backdoor.
Code that searches the Windows registry for software that is interesting to the LockBit attackers.

The regular expression parses the local Windows registry, looking for matches to the following keywords:

Keyword         Target
Opera           Opera browser
Firefox         Mozilla Firefox browser
Chrome          Google Chrome browser
Tax             Search for any tax-related software process
OLT             OLT Pro desktop tax software
LACERTE         Intuit Lacerte tax software for accountants
PROSERIES       Intuit ProSeries tax software
Point of Sale   Search for point-of-sale (retail) software
POS             Search for point-of-sale (retail) software
Virus           Search for anti-malware processes
Defender        Microsoft Windows Defender
Secury
Anti            Search for anti-malware processes
Comodo          Search for Comodo antivirus or firewall
Kasper          Kaspersky anti-malware software
Protect         Search for anti-malware processes
Firewall        Search for firewall processes

 

If and only if the fingerprint generated by these checks indicates the system is what the attackers are looking for, the C2 server sends back commands that execute additional code.

Wrecking crew

Depending on what responses come back from the C2, the backdoor can execute a number of tasks, designated by a numeric value. They include simply forcing a logoff, grabbing hash tables to apparently exfiltrate for password cracking, attempting to configure a VNC connection, and attempting to create an IPSEC VPN tunnel. These tasks are executed using variables and modules pushed down by the C2, obfuscating most of their functionality.

Instrumented backdoor script used by LockBit.

In the attacks we analyzed, the PowerShell backdoor was used to launch the Windows Management Interface Provider Host (WmiPrvSE.exe). Firewall rules were configured to allow WMI commands to be passed to the system from a server—the initially compromised system—by creating a crafted Windows service.

And then, the attackers launched the ransomware via a WMI command, filelessly—without dropping a single file artifact on the disk of the targeted systems. In one case, the WMI commands used port 8530 to reach back to the initially compromised server—the port used for Windows Server Update Service. The server was running Internet Information Server but had never been fully configured to run WSUS. The .ASP file on the server contained a key which was loaded into memory and used to unlock additional operations by the dropper code and trigger the ransomware.

All of the targets were hit within five minutes over WMI. The server-side file used to distribute the ransomware, along with most of the event logs on the targeted systems and the server itself, were wiped in the course of the ransomware deployment. Sophos Intercept X stopped the attack on systems it was installed upon, but other systems did not fare as well.

A moving target

It’s not a surprise to see yet another ransomware operator using repurposed code from the offensive security tools world—we recently saw Ryuk using Cobalt Strike post-exploitation tools to great effect. PowerShell Empire is easily modified and extended, and the LockBit crew appears to have been able to build a whole set of obfuscated tools just by modifying existing Empire modules.

It’s also not a real surprise that ransomware actors would want to target AMSI, the interface used by many anti-malware tools (including Sophos’) to monitor potentially malicious processes running on Windows 10. By combining the use of native tools, logging evasion, and the blinding of AMSI, the LockBit gang has made it increasingly difficult to detect and defeat their attacks once they’ve established a foothold.

The only way to defend against these types of ransomware attackers is to have defense in depth and to have consistent implementation of malware protection across all assets. Not having a handle on what services are exposed on a network makes modeling for threats like these difficult. And if services are misconfigured, they can easily be leveraged by attackers for ill purpose.

Sophos detects these abuses of PowerShell and the LockBit ransomware. A list of IOCs for these attacks is posted on the Sophos GitHub here.

SophosLabs would like to acknowledge the contributions of Vikas Singh, Felix Weyne, Richard Cohen and Anand Ajjan to this report.

Net Universe offers all Sophos devices and subscriptions, as well as consultant services, with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/sophos.

New Enhancements to Central XG Firmware Updating – Release Notes & News – XG Firewall

We’re pleased to announce the addition of bulk firmware updating to Sophos Central firewall management! This feature is available today for all grouped firewalls, and allows you to trigger immediate firmware updates in one action for any number of grouped firewalls that have firmware updates available. We’re also pleased to announce the arrival of scheduled firmware updates! For firewalls running XG v18 MR3 or newer, the time when firmware updates are installed can be scheduled from Central.

What’s New and How to Use it:

  • Bulk Firmware Upgrades – On the Group menu, Firmware Upgrades may now be selected. This option will bring up a list of firewalls with pending updates. You may select any or all of the firewalls, then with “immediately” selected for the schedule, click Schedule Upgrade. All selected firewalls will begin upgrading shortly, and you will see a spinning gear icon once the upgrade has started.
  • Scheduled Firmware Upgrades – Requires firewalls to be running v18 MR3 or newer. When upgrading the firmware for a single firewall by clicking the upgrade icon, or when bulk updating firmware, you may now choose to install immediately, or schedule the update to occur at a future time and date. The schedule will be run based on the firewall’s local time zone.


Introducing Zia, the smart HR assistant



Employees often know when there are easier ways to be performing their routine tasks. Not only does manual work drain morale, but it also distracts employees from their other important activities.


Understanding these concerns, we have introduced Zoho’s AI chatbot, Zia, in Zoho People to help your employees automate their everyday tasks. Here’s how Zia can be useful for your employees:

  • Performs the complete leave application process on behalf of your employees. Your employees just have to input the date, leave type, and reason.

  • Fetches the list of upcoming holidays and leave reports.

  • Provides a complete list of all your pending tasks within Zoho People.

  • Raises requests and inquiries for employees through the case management module.

  • Helps employees “Check-in” and “Check-out” for the day.

Read more about how Zia can be useful to your employees in our HR Knowledge Hive.

Net Universe offers all Zoho subscriptions and consultant services with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/zoho.

Fortinet Maintains Position as a Challenger in the 2020 Gartner Magic Quadrant for Web Application Firewalls

Fortinet has announced that it has maintained its position as a Challenger in Gartner 2020 Magic Quadrant for Web Application Firewalls.

Organizations continue to rely on internet-facing web applications and APIs to achieve their digital innovation goals, and as a result, web application and API protection continues to grow in importance for businesses worldwide. Web applications support a wide range of critical line-of-business functions, including ecommerce, payroll, inventory management, learning management systems, and more. 

FortiWeb, Fortinet’s Web Application Firewall solution, was created to protect these business-critical web applications and APIs from cyber attacks targeting both known and unknown vulnerabilities, while also ensuring business continuity and productivity. FortiWeb leverages advanced machine learning (ML) techniques to customize protection of each application, saving organizations staff hours by cutting out the need for the time-consuming manual tuning required by other solutions. FortiWeb ML identifies anomalous behavior and determines whether it is malicious or benign, enabling security staff to rapidly address malicious activity. 

Customers can select the FortiWeb option that best fits their use case given its flexible deployment options. This includes hardware appliances, virtual machines, and containers that can be deployed in the data center, cloud environments, or the cloud native Security-as-a-Service (SaaS) solution FortiWeb Cloud, our WAF as a Service offering.

As customers increasingly deploy applications in multiple environments that include both private data centers and public clouds and continue to push application changes at an ever increasing pace, they face the challenge of implementing consistent application security across these diverse environments. To help those teams keep pace, our WAF-as-a-Service offering, FortiWeb Cloud, leverages public cloud infrastructure to deliver the same application and API protection as our physical and virtual appliances, but without the requirement to maintain and manage infrastructure. In fact, Fortinet uses this very service to protect our own website as well as for protecting critical departmental line-of-business web applications. 

Fortinet continues to invest in the innovative WAF capabilities that our customers require as they continue their digital transformation journeys, including these key enhancements from 2020: 

  • Deep learning capabilities that continuously model users’ behaviors to detect anomalies and block threats without creating the false positives that drive administrative overhead
  • Expanded options for deploying FortiWeb Cloud on AWS, Azure and Google Cloud

As a result of this continued innovation, Fortinet provides FortiWeb customers with advanced threat protection for web applications while ensuring business continuity and productivity. Read the full Gartner 2020 Magic Quadrant for Web Application Firewalls report to learn more about our placement in the Challengers quadrant.

Learn how Fortinet’s Dynamic Cloud Security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Gartner, Magic Quadrant for Web Application Firewalls, 19 October 2020, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/fortinet.
You can visit our Shop Online

Grant access to Drive files directly from Gmail

Quick launch summary 

We’re making it easier to manage access requests to Drive files by sending dynamic emails which allow you to respond to the request without leaving Gmail. 

When someone requests access to a Drive file, you’ll receive an email with the access request. Now, Gmail users will be able to manage that request directly from that email, without leaving the message. Specifically, you’ll receive a dynamic email that lets you review the request, choose the access level (e.g. edit, comment, or view), and grant access directly from the email. 

Previously, you had to open the document in a new tab or app to manage the access request. The dynamic email will make it quicker and simpler to manage these requests and control access to your files. It will work for Gmail users on the web, on Android, and on iOS. 

Getting started 

Rollout pace 

Availability 

  • Available to Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education, Enterprise for Education, and Nonprofits customers, and users with personal Google Accounts 

Resources 




 

Think Twice: 5 tips to protect yourself from email spam

James is a shopaholic. Whenever James receives an email with a discount code or a deal, he clicks the links to take advantage of that offer without any second thoughts. He doesn’t hesitate to drop his email address in the comment boxes of his favourite brand or influencer’s social media page, in the hopes of winning a giveaway contest. He happily explores emails from unknown senders. After one of the offer codes he was waiting for ended up in the spam folder of his mailbox, he disabled all spam filters in his email settings so that he won’t miss any future sale.

One time, James received an email with a coupon for his favourite phone attached as a PDF file. Despite the warnings from his email service provider that the attachment could be malicious, he downloaded the coupon. And that coupon ended up being a macro virus. The virus disabled his computer, stole all the information he had including sensitive financial data. Now, James has to handle his loss of information, security, and privacy, along with his disabled device.

James is just one among many affected by spam’s spoof and phishing attacks, but there are many things you can do differently to avoid becoming a victim like James. We have already discussed spam and its types in detail. In this blog, let’s look at a few tips to help avoid email spam.

Never give out your email address in a public forum

No matter how tempting an offer is, it’s best to avoid giving out your email address in any public forum. You may think sharing it on the page or profile of a trusted brand is safe, but many spammers use crawlers to scan random pages and extract email addresses for their database. Due to this, you will likely get spam emails and your email address could even serve as a front for future spoof attacks on others by spammers. So, it’s best to share your email address with the utmost caution.

Do not interact with spam emails

Most of the time, spammers get email addresses by randomly generating them (the brute-force method). They have no way of knowing the validity of an email address unless the recipient interacts with the email (which includes replying to an email, downloading embedded files or images, and clicking on the attached links). One common deceptive technique spammers use to trick the recipient into interacting is providing an “Unsubscribe” link. While authentic marketers do use this option appropriately, spammers use it as a tool to confirm the deliverability of your email address. This results in you getting “subscribed” to the spammer’s database instead of unsubscribing. Thus, it’s safest to leave a spam email alone and not interact with it at all, except to mark it as spam. The next time you go out on vacation, auto-respond only to your contacts.

Know how email works

Understanding how email works and knowing common features, such as Preview sender, Envelope sender, SPF, DKIM, and DMARC, helps you stay alert. By checking the header of any email you receive, you can trace its path and spot whether it is spoofed or authentic.
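To make the header check concrete, here is an added example (not from the original blog post) that reads the SPF, DKIM and DMARC verdicts from a message's Authentication-Results header and compares the visible From domain with the envelope (Return-Path) domain. Only the header stamped by your own receiving server is trusted, since a sender can insert a forged one; the host names, addresses and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches verdicts such as "spf=pass" or "dmarc=fail" inside the header value.
RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def domain_of(address_header):
    """Extract the lower-cased domain from a From or Return-Path header value."""
    address = parseaddr(address_header or "")[1]
    return address.rpartition("@")[2].lower()


def check_message(raw, trusted_authserv):
    """Summarise the authentication verdicts recorded by trusted_authserv."""
    msg = message_from_string(raw)
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        tokens = header.split(";", 1)[0].split()
        # The first token names the server that wrote the header. Headers from
        # any other server may have been added by the sender and are ignored.
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue
        for method, verdict in RESULT.findall(header):
            if verdicts[method.lower()] == "missing":
                verdicts[method.lower()] = verdict.lower()
    report = dict(verdicts)
    report["from_domain"] = domain_of(msg["From"])
    report["envelope_domain"] = domain_of(msg["Return-Path"])
    # Treat the message as suspect when DMARC fails outright, or when neither
    # SPF nor DKIM produced a pass for it.
    report["suspicious"] = (
        verdicts["dmarc"] == "fail"
        or "pass" not in (verdicts["spf"], verdicts["dkim"])
    )
    return report


# Constructed sample: mail that passed every check at the receiving server.
GENUINE = """\
Authentication-Results: mx.mailhost.example; spf=pass smtp.mailfrom=shop.example;
 dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
Return-Path: <news@shop.example>
From: "Shop Deals" <offers@shop.example>
Subject: Your order has shipped

Constructed body.
"""

# Constructed sample: same visible From, different envelope sender, plus a
# forged Authentication-Results header claiming that everything passed.
SPOOFED = """\
Authentication-Results: mx.mailhost.example; spf=fail smtp.mailfrom=bulk.invalid;
 dkim=none; dmarc=fail header.from=shop.example
Authentication-Results: mx.forged.invalid; spf=pass; dkim=pass; dmarc=pass
Return-Path: <bounce@bulk.invalid>
From: "Shop Deals" <offers@shop.example>
Subject: 90% off coupon inside

Constructed body.
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_message(raw, "mx.mailhost.example"))
```

A mismatch between the From and envelope domains is not proof of spoofing on its own, because legitimate bulk senders often use a separate bounce domain; the recorded verdicts are the stronger signal.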

Avoid using public Wi-Fi

While public or free Wi-Fi networks seem like a convenient way to access the internet, they can also be bait. One of the most common threats on these networks is a Man-in-the-Middle (MitM) attack, which is a form of eavesdropping. Using this, a spammer can extract your email address, contact list, and other sensitive information, leaving your data compromised. To avoid this, it’s better to only use mobile internet and trusted Wi-Fi connections.

Report spam emails

It is always good to report any spam email you receive to your email service provider (ESP). Reporting spam or marking an email as spam helps your ESP track the spammer’s IP address and block any further email from them. This will prevent illegitimate emails from reaching your inbox.

Following these tips can help you prevent spam and cyber attacks. However, it is equally important to protect yourself in case a spammer breaks through your firewall. Some precautionary measures include not storing passwords on your hard drive and instead using options like Zoho Vault, changing your passwords periodically, not using the same keyword or phrases in all your passwords, using a good antivirus program, and keeping your OS updated.

While consciously protecting yourself from spam is crucial, we at Zoho Mail also go the extra mile to provide you with the industry-standard spam filters and preventive techniques. We’ll discuss how you can best use these Zoho Mail features in the next blog. Until then, stay informed and stay safe.

 


Yamine Durai


Yamine Durai, a part of Zoho Mail’s marketing team, is a tech enthusiast.
But if you spot her away from office hours, you will probably find her reading a history book while honing her oratory skills.


Internet security myth-busters: Debunking 3 common misconceptions about two-factor authentication






Net Universe offers all Yubikeys with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/yubikey.
You can visit our Shop Online

 

Zoho Sign for iOS 14 and iPadOS 14


As we move closer to the holiday season, Apple has shown no signs of slowing down, despite 2020 being a turbulent year. They didn’t stop after announcing major updates to their software with iOS 14, iPadOS 14, and macOS Big Sur. They’re also launching a new generation of gadgets, accompanied by an all-new services bundle.

These introduce several improvements to the iOS user interface that once again look to fundamentally change the way users interact with mobile apps. Here’s a quick round-up of the enhancements available to users when they upgrade their operating system and the Zoho Sign app to the latest updates with iOS 14 and iPadOS 14.

SignForms
You can now access and manage your SignForms on the Zoho Sign mobile app. From there, you can enable or disable SignForms, change names, modify response limits, enforce authentication, share public URLs, and monitor responses.


App Clips
With the help of App Clips, any iOS 14 user can access and sign documents digitally via SignForms, even if they don’t have the Zoho Sign app. This lets you share policies, agreements, and forms via NFC tags, QR codes, iMessage, and other methods. After that, the recipient can quickly sign them via a lightweight workflow powered by the Zoho Sign app directly from the App Store.

For example, let’s say you’re hosting a PR event with an open invitation to all influencers, journalists, and analysts. With App Clips, it’s easy to incorporate the registration form and any associated paperwork directly into your promotions. You can simply include the QR code for the event registration SignForm in your collateral, both print and digital. Interested parties can scan it on their phone to fill out the form and sign the accompanying documents. This makes e-signing documents quick and accessible. It also offers users a glimpse of what they can do with the Zoho Sign app, without needing to install it from the App Store.


Widgets
Apple is finally treating users to widgets on their home screen in iOS 14. Of course, we wanted to let Zoho Sign users make the most of them. You can now track and manage your paperwork with a tap of your fingers by adding Zoho Sign widgets to your home screen. These widgets help you perform common actions, such as signing documents, sending documents for signatures, and tracking document progress, all without having to open the Zoho Sign app.


Scribble with Apple Pencil
With iPadOS 13, you could use your Apple Pencil to create your e-signature for signing documents using Zoho Sign. With the latest round of updates, you can now use it to write on text fields when signing documents or sending them out for signatures. Then, just let iPadOS 14’s built-in OCR work its magic. This is our way of letting you enjoy pen-and-paper nostalgia, while continuing to operate paperless. 😉


Besides these cool features, we have also updated the Zoho Sign app to support other new interface components such as the sleek menus, the photo picker, and the date picker to ensure we leave no stone unturned in offering our users the complete iOS 14 experience.

Update to iOS 14 and iPadOS 14 today for an updated digital signature experience with Zoho Sign. And if you don’t have the app yet, you can download it by clicking the button below:

Download on the App Store

Try these updates and let us know your feedback in the comments below, or write to us at support(at)zohosign(dot)com.

Happy Signing!


Sai Anand


Sai Anand is a Marketing Analyst for Zoho Sign. You can engage in a conversation with him by leaving a comment on any of his blog posts.


Sophos Connect v2 makes remote access VPN easy and fast – Sophos News

Working remotely and using VPN has become an important part of everyday life. With XG Firewall it’s extremely easy – and free!

XG Firewall is the only firewall to offer unlimited remote access SSL or IPSec VPN connections at no additional charge.

And we’ve significantly boosted SSL VPN capacity across our entire product range in XG Firewall v18 MR3 through several optimizations.

Our new Sophos Connect v2 remote access VPN client also adds new features that make remote access faster, better and easier.

What’s new in Sophos Connect v2

  • SSL VPN support for Windows
  • Bulk deployment of SSL VPN configurations (as with IPSec) via an enhanced provisioning file
    • Enhanced DUO token multi-factor authentication support
    • Auto-connect option for SSL
    • Option to execute a logon script when connecting
    • Remote gateway availability probing
  • Automatic failover to the next active firewall WAN link if one link fails
  • Automatic synchronization of the latest user policy if the SSL policy is updated on the firewall (when using the provisioning file to deploy) as well as a manual re-synchronization of the latest policy
  • File extension association for policy files – import a policy file into Sophos Connect just by double-clicking it in Windows Explorer, or opening the file attached in an email

XG Firewall v18 MR3 remote access enhancements:

  • Enhanced SSL VPN connection capacity across our entire firewall lineup. The capacity increase depends on your firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-5x improvement in SSL VPN connection capacity.
  • Group support for IPSec VPN connections, which now enables group imports from AD/LDAP/etc. for easy setup of group access policy.

Making the most of Sophos Connect remote access

The first decision you will want to make is whether you wish to use SSL, IPSec, or both. Then set up your firewall to accept Sophos Connect VPN connections before deploying the client and connection configuration to your users.

SSL vs IPSec

With Sophos Connect v2 now supporting SSL (on Windows) and with the enhanced SSL VPN capacity available in XG Firewall v18 MR3, we strongly encourage everyone to consider using SSL to get the best experience and performance for your remote access users.

While macOS support for SSL remote access via Sophos Connect is expected soon, we recommend any organizations using macOS take advantage of the new OpenVPN macOS client in the interim.

XG Firewall setup

SSL VPN Setup is very straightforward:

  1. Follow these initial setup instructions for creating an IP address range for your clients, user group, SSL access policy, and authentication.
  2. SSL VPN requires access to the XG Firewall User Portal. For optimal security, we strongly advise the use of multi-factor authentication. Set up two-factor authentication via Authentication > One-time password > Settings to ensure you’re only allowing MFA access to the user portal.
  3. Create a firewall rule that enables traffic from the VPN zone to access your LAN zone (or whatever zones are desired).

Deployment of the client is equally easy:

  1. Client installer: The client installer is available by navigating to VPN > Sophos Connect Client on your XG Firewall. Sophos Connect documentation is available here.
  2. Connection configuration: The SSL VPN connection configuration (OVPN) file is accessible via the user portal, but we strongly encourage the use of a provisioning file to automatically fetch the configuration from the portal. This requires a bit more up-front effort, but greatly simplifies the deployment process and enables changes to the policy without redeploying the configuration. Review the full instructions on how to create a provisioning file with samples.
  3. Group Policy Management: The best way to deploy the remote access client and provisioning file is via Microsoft Group Policy Management. You will need the files mentioned in the steps above and then follow these step-by-step instructions.  You can also use any other software deployment tool you have available – even email.

Monitoring active usage:

You can monitor connected remote users from the XG Firewall Control Center…

And click to drill down to get the details…

Sophos Connect resources and helpful links
