Sophos Connect client
Sophos Connect client is VPN software that runs on Microsoft Windows 7 SP2 and later, and Mac OS 10.12 and later. It establishes highly secure, encrypted VPN tunnels for off-site employees.
You can download the Sophos Connect client and Sophos Connect Admin by clicking Download on the Sophos Connect client page. You can check if the pattern for the Sophos Connect client has been downloaded from .
- Enable the Sophos Connect client, specify VPN settings and add users on the Sophos Connect client page.
- Add a firewall rule so that the Sophos Connect client can access the configured LAN networks. For information on how to add a firewall rule, see Firewall. If you want to allow LAN and VPN traffic in both directions, add both LAN and VPN to the source and destination zones. If you want to allow specific traffic for each direction, you need to create separate rules.
To export a connection, enable the Sophos Connect client and click Export connection.
The remote users import the connection file and establish a connection using the Sophos Connect client. See Sophos Connect Help for more details.
To revert to factory settings, click Reset.
General settings
- Sophos Connect client
- Enable the Sophos Connect client.
- Interface
- Select the WAN port, which acts as the endpoint for your tunnel.
- Authentication type
-
Authentication to use for the connection.
Preshared key Authenticate endpoints using the secret known to both endpoints.
Digital certificate Authenticate endpoints by exchanging certificates (either self-signed or issued by a certificate authority).
- Local ID
- For preshared key, select an ID type and type a value. DER ASN1DN (X.509) is not acceptable.
- Remote ID
- For preshared key, select an ID type and type a value. DER ASN1DN (X.509) is not acceptable.
- Allowed users
- Add users who are allowed to connect using the configured Sophos Connect client.
Client information
- Assign IP from
- Range from which an address will be leased to the client. The client uses
the assigned address for the duration of the connection. This must be a private IP address
range with at least a 24-bit netmask.Note The IP address range leased to Sophos Connect clients must not contain IP addresses that are in use.
- Allow leasing IP address from RADIUS server for L2TP, PPTP, and Sophos Connect client
- When users are authenticated on a RADIUS server, use the IP address provided by the RADIUS server. If no addresses are provided by the RADIUS server, the static address configured for the user will be assigned or an address will be leased from the specified range.
- DNS server 1
- Primary DNS server to use for the connection.
- DNS server 2
- Secondary DNS server to use for the connection.
- Sophos Connect client
- Click Download to download the Sophos Connect client installers and the Sophos Connect Admin tool:
macOS: Sophos Connect_1.4_(IPsec).pkg
Windows: SophosConnect_2.0_(IPsec_and_SSLVPN).msiSophos Connect Admin tool: (scadmin(legacy).msi)
You can use the Sophos Connect Admin tool to specify advanced security and flexibility settings.
Advanced settings
- Disconnect when tunnel is idle
- Disconnect idle clients from the session after the specified time.
- Idle session time interval
- Time, in seconds, after which idle clients will be disconnected.