Hello and happy new year.

I have a Sophos XG 330.

Remote users utilize Sophos connect with a SSL VPN profile. The profile is obtained by logging into the user portal and importing into Sophos Connect

Majority of users will have imported their SSL VPN profile into Sophos Connect when we only had 1 external interface. This is plugged into port 2

We have recently purchased a new leased line which is plugged into and configured on a different interface. This is plugged into port 5.

The leased line in port 2 has been cancelled and will go offline in a few weeks.

So I need to address all users SSL VPN configuration to ensure it connects to the new leased line IP address connected to port 5.

The SSL VPN global settings has no override hostname and the SSL server certificate is the Appliance certificate. Am I correct in saying, if users import the config profile again now we have two external interfaces, it will connect to the new interface if the ‘old’ one cannot be reached?

OR here’s a better way. Let’s start to use a provisioning file and deploy to users.

I’ve created one and it works for me. The gateway in the .pro file is the new leased line IP, however, when it downloads the configuration into my Sophos Connect, it names the connection to the ‘old’ port 2 interface and uses that IP to connect. I’m struggling to understand how I can configure the provision file to only use the new port 5 external interface.

I’m thinking I should deploy the provisioning file so at least everyone has the same config, go into the SSL global settings and change the override hostname to the IP addresses of port5, then get users to “update policy” on Sophos Connect. Would this be the best approach?

Thanks for your time and any help is appreciated.