Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-connect/help/en-us/index.html?contextId=sophos-connect-command-line-tool

Sophos Connect command line tool

The Sophos Connect command line (SCCLI) tool is a command-line utility that lets you manage VPN connections in the Sophos Connect Client. You can use SCCLI to add, remove, rename, enable, or disable VPN connections. Additionally, you can list available VPN connections and get statistics for active VPN tunnels.

The SCCLI tool is typically located in the Sophos Connect Client installation directory on the user's device.

Example

Windows default path: C:\Program Files (x86)\Sophos\Connect

Command syntax

The basic command syntax is as follows:

sccli [Command] [Options]

Available commands

To see the list of available commands type sccli ? and press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli action [options...]

    add      Adds a connection into the Sophos Connect engine.
    remove   Removes a connection from the Sophos Connect engine.
    update   Updates a connection in the Sophos Connect engine.
    list     Lists the connections in the Sophos Connect engine.
    enable   Enables a connection.
    disable  Disables a connection.
    get      Gets connection information.
    show     Shows various information.

For more information on an action, use --help. For example, "sccli add --help"

add

To see options for the add command, type sccli add ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli add [options...]

add options:
    -f, --file PATH  Adds the connection from the specified path.
    -d, --data       Send the file data instead of the file path.
    -n, --name NAME  The user-friendly name of the connection. If this option
                     is omitted, the name will be determined automatically.
    -a, --auto       Automatically enable the connection. (TBD)
    -o, --overwrite  Overwrite the connection if it already exists.
    -v, --verbose    Show verbose messages.
    -H, --help       Show help for the add command.

* The add command will fail in environments where policy does not allow
unmanaged connections to be used.
* If the add command is successful, the connection's name will be written to
the command line. This name is used in other command line options.
* If the auto option is omitted, the connection may still automatically be
enabled based on the settings in the connection file.

remove

To see options for the remove command, type sccli remove ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli remove [options...]

remove options:
    -n, --name NAME  The name of the connection to remove.
    -V, --verbose    Show verbose messages.
    -H, --help       Show help for the remove command.

* The remove command will fail in environments where policy does not allow
unmanaged connections to be used.
* The remove command can only remove connections added with the add command.
Managed connections cannot be removed.
* If a connection is enabled when the remove command is given, it will be
disabled before removing.

update

To see options for the update command, type sccli update ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli update [options...]

update options:
    -n, --name NAME              The name of the connection to update.
    -y, --display-name DISPLAYNAME
                                The name to set as the display name for the
                                connection.
    -g, --gateway GATEWAY        The gateway to which the connection will be
                                made.
    -c, --clear-credentials      Clear saved credentials for the connection.
    -e, --enable-ac              Enable auto-connect for the connection.
    -d, --disable-ac             Disable auto-connect for the connection.
    -k, --enable-cc              Enable connectivity checks for the
                                connection.
    -l, --disable-cc             Disable connectivity checks for the
                                connection.
    -o, --otp OTP                Updates the one-time password for an active
                                connection and initiates a re-connect.
    -V, --verbose                Show verbose messages.
    -H, --help                   Show help for the update command.

list

To see details for your VPN connections, type sccli list -d then press Enter. Here's an example:

Connections:
  CiscoVPN_Cert
    Display Name: CiscoVPN_Cert
    Gateway: example.com
    Auto-Connect: not available, not enabled
    IKE version: 1
    Last connect time: Mon Dec 17 09:31:18 2018
    Last connect result: 0
    Latency: unknown
    Favicon: not present
    User authentication type: XAuth
    IKE authentication type: preshared key
    IKE state: off

enable

To see options for the enable command, type sccli enable ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli enable [options...]

enable options:
    -n, --name NAME        The name of the connection to enable.
    -c, --cert PATH        The path to an encrypted PFX certificate file to
                          use for certificate authentication.
    -u, --username USERNAME The username to use for username / password
                          authentication.
    -p, --password PASSWORD The password to use for username / password
                          authentication, or the password used to decrypt the PFX
                          certificate file for certificate authentication.
    -V, --verbose          Show verbose messages.
    -H, --help             Show help for the enable command.

* If a username and / or password is not supplied for connections that
require them, this program will prompt for them.
* If a certificate file and / or password is not supplied for connections
that require them, this program will prompt for them.

disable

To see options for the disable command, type sccli disable ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli disable [options...]

disable options:
    -n, --name NAME  The name of the connection to disable.
    -V, --verbose    Show verbose messages.
    -H, --help       Show help for the disable command.

* If the connection is already disabled when the disable command is given,
success will be returned.
* The disable command may fail if policy does not allow for the disabling of
managed connections.

get

To see options for the get command, type sccli get ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli get [options...]

get options:
    -n, --name NAME  The name of the connection to get.
    -t, --type TYPE  The type of data to get. One of all (defaut), config,
                    endpoints, network, dynamic, security.
    -V, --verbose    Show verbose messages.
    -H, --help       Show help for the get command.

show

To see options for the show command, type sccli show ? then press Enter. The following text is shown:

Command line interface for controlling the Sophos Connect client.
Usage:
    sccli show [options...]

show options:
    -v, --version  Shows version information from the Sophos Connect engine.
    -h, --hello    Shows the hello values.
    -V, --verbose  Show verbose messages.
    -H, --help     Show help for the show command.