Skip to content
Last update: 2022-03-11

SSL VPN (remote access)

You can provide access to network resources for individual hosts using point-to-point encrypted tunnels over the internet. Remote access requires digital certificates and a username and password.

SSL VPN remote access policies use OpenVPN, a full-featured SSL VPN solution. You can establish IPv4 and IPv6 SSL VPN connections.

Users must download one of the following clients from the user portal:

  • Sophos Connect client: We recommend using this client for advanced security and flexibility in configuration.
  • Legacy SSL VPN client software bundle from the user portal: The bundle includes an SSL VPN client, SSL certificates, and a configuration file.

Currently, the Sophos Connect client doesn't support some endpoint devices. For more details, see Compatibility with Sophos Connect client.

Configure SSL VPN remote access connections

To allow remote access to your network through the Sophos Connect client using an SSL connection, you need to do as follows:

  1. Go to Show VPN settings, specify the SSL VPN settings, and click Apply.
  2. Go to SSL VPN (remote access) and add pre-configured users and groups. This creates a .ovpn configuration file, which appears on the user portal.
  3. If you don't have a firewall rule allowing traffic between the LAN and the VPN zones, add a firewall rule so that the Sophos Connect clients can access the configured LAN networks. For information on how to add a firewall rule, see Add a firewall rule. If you want to allow LAN and VPN traffic in both directions, add both LAN and VPN to the source and destination zones. If you want to allow specific traffic for each direction, you need to create separate rules.
  4. Configure a provisioning file and share it with users. The provisioning file imports the .ovpn configuration into the client. It also automatically imports any configuration changes you make later.

Remote users

Users can download the Sophos Connect client from the user portal.

If you share the provisioning (.pro) file, users can double-click the file, which automatically imports the configuration into the client. Alternatively, users can download the .ovpn configuration file from the user portal and import it into the Sophos Connect client.

Sophos Connect client then establishes the connection.

More resources

Back to top