Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-connect/help/en-us/index.html?contextId=connections-connect

Establish connections

Establish a VPN connection between your endpoint and your organization's network using the Sophos Connect client.

Authenticate and connect the VPN tunnel

Make sure there's at least one imported connection available and that your firewall administrator has given you the required credentials.

To establish a connection, do as follows:

  1. Select a connection on the Connections page.

  2. Double-click the connection.

    You can also click Connect.

    The sign-in screen appears.

    Sign-in screen.

  3. Use one of the following methods to sign in:

    • Enter your username and password and click Sign in.

      Note

      Your username is case-sensitive.

      Enter the verification code if you're prompted for multi-factor authentication (MFA).

    • Click Single sign-on (SSO).

      This option is currently only available for Windows, starting with Sophos Connect Client version 2.4.

      The first time you sign in with SSO, you must enter your Microsoft Entra ID credentials.

      Enter the verification code if you're prompted for multi-factor authentication (MFA).

    Note

    If you imported the connection using a provisioning file, you'll get a warning that the server certificate can't be verified. Click OK to continue. If you don't want to see the message, contact your firewall administrator.

Sophos Connect authenticates you and establishes the connection to the remote server.

An example of a successful connection.

If the connection is successful, you'll see this icon on the system tray: Icon showing a successful connection.

VPN portal port

The VPN portal port is the port number for users to access the VPN portal and the port used to establish SSO.

Don't change this setting unless your administrator asks you to change it.

Force SSO re-login

If you've signed in using SSO and connected to the network using a shared endpoint, we recommend that you force SSO re-login. The next user must then sign in again and can't use your sign-in to connect to the tunnels. When the new user signs in with SSO for the first time, they must enter their Microsoft Entra ID credentials.

To force SSO re-login, do as follows:

  1. In Sophos Connect, click the menu icon in the upper-right corner.
  2. Click Force SSO re-login.
  3. Click OK.

Connection issues

If the connection is unsuccessful, you'll see this icon on the system tray: Icon showing an unsuccessful connection.

To troubleshoot connection issues, do as follows:

  • If you use single sign-on (SSO) and it doesn't work, make sure you have the latest configuration file that's configured for Microsoft Entra ID SSO. You can download and import the file again or ask your administrator for the latest configuration file.
  • To investigate the cause, click the Events tab or click the menu icon and select Open VPN log.
  • For help with troubleshooting, see Troubleshoot event errors and General troubleshooting.
  • You can also contact your IT administrator or firewall administrator for further assistance.

Note

If you've renamed the connection, the original name, as provided by your firewall administrator, still shows in the connection details. For instructions on how to rename it, see Connection options.

Tip

If tunnels that had connected earlier don't connect, your administrator may have made changes to the configuration file. Ask for the new file and import it to the Sophos Connect client.