Sophos UTM Endpoint VPN

We use Sophos to secure our network via VPN, firewall, and Anti-virus.

We need to allow contractors to connect to our network.  We have already set policy that the contractor must have Sophos antivirus client installed on their computer (they can spin up a virtual machine if they need to) and we have set policy that all clients must be Windows 7 or higher and they must use the Sophos VPN client to connect.

Question:  When a contractor connects via Sophos VPN client, how can we determine that their computer has the antivirus installed and is up-to-date?  Also, how about patches?  

Note:  Contractor computers are NOT domain members.  They are stand-alone.

Dirk Kotte (SE) Commented:
There is no option for an endpoint compliance scan within Sophos VPN (IPSec or SSL).
If contractors don't need full filesystem/database access, you should strongly restrict rights for VPN users.
We use controlled "jumphosts" to allow access for external contractors.
If only RDP or Citrix is necessary, you have only 1-2 ports and nearly no risk.
JamesNT (Author) Commented:
That's what I was thinking.  I'm going to attempt to push for a Remote Desktop Services Gateway this week.

Question has a verified solution.
