About Sophos Connect Admin

In Sophos Connect Admin you can import config (.tgb) files and configure various options for your VPN setup.
Note For information on how to configure and export a .tgb file on the XG, see the Sophos Connect Client section of the XG help guide: Sophos Connect client.

The installation and uninstallation processes are the same as the processes for Sophos Connect. See the Installation section of the Sophos Connect help guide for more information.

Editing configuration files

You can edit your configuration (.tgb) files in Sophos Connect Admin, which provides you with more granular VPN configuration options.

Open the .tgb file you have exported from the XG in Sophos Admin. You can:
  • Enable Tunnel All to send all traffic through the VPN connection.
  • Enable Send Security Heartbeat to allow Sophos Endpoint to send a heartbeat to the XG. This will only work if the user has the Sophos Endpoint client installed on their machine.
  • Enable Allow Password Saving to allow the users to save their user name and password on their machine. The user credentials are stored securely using keychain services.
  • Enable Prompt for 2FA if you have configured Two Factor Authentication for the VPN users on the XG.
  • Enable Auto-Connect Tunnel to automatically enable the connection after the user logs on to Sophos Connect on their machine. Sophos Connect will not automatically initiate the connection if the user is already connected to the corporate network.

    Auto connect requires an additional configuration parameter: DNS Suffix/Monitoring Host, that can be used to determine if the user's local system is inside or outside the corporate network. Use one of the following values:

    • An IP address.
    • A Fully Qualified Domain Name (FQDN). The host name must only resolve when using the internal DNS server.
    • A DNS suffix.
    Note If you configure an IP Address or FQDN, ICMP must be allowed on this host.
  • Add, modify and delete Networks that the user can connect to. Adding specific networks to the list enables split tunneling, as the user will access resources on those networks through the VPN connection, but will access internet resources straight through their remote gateway.
    Note If you delete all networks, Tunnel All mode will be activated, meaning all traffic will be directed through the VPN connection.
  • Change the Connection Name and Target Host.

    If you Clear the configuration, you will need to import the .tbg file again.

    If you Save the configuration, it will be saved as a .scx file.

    Note You can import .scx files and re-edit them.

When you have saved the configuration file you can send it to the user, who will import it into Sophos Connect. For more information, see Sophos Connect.