VPN overview

Virtual Private Networks (VPN) carry private network traffic over a public network, such as the internet, through secure connections.

You can use VPNs to provide secure connections between networks. You can also establish VPN tunnels between individual hosts, such as off-site employees, and the internal network.

Site-to-site VPN

  • IPsec connections: Use these policy-based (host-to-host and site-to-site) VPNs to connect small networks.
  • Tunnel interface: Use these route-based IPsec VPNs to connect large, dynamic networks.
  • SSL VPN (site-to-site): Use these VPNs to establish an SSL/TLS connection between two Sophos Firewall devices in a client-server configuration.
  • RED: Remote Ethernet Devices (example: SD-RED) connect a branch office to the head office with a layer 2 connection. The branch office can then act as an extended network of the head office.
  • Firewall RED: Configure Sophos Firewall to act as the endpoint for RED tunnels.

Remote access VPN

  • IPsec (remote access): Allows remote devices to connect to your network using the Sophos Connect client. We recommend using this option instead of the legacy remote access configuration.
  • SSL VPN (remote access): Allows remote devices to connect to your network using the Sophos Connect client or the legacy SSL VPN client.
  • Clientless access: Allows access to internal, restricted resources through a browser.
  • L2TP (remote access): Layer 2 tunneling protocol.
  • PPTP (remote access): Point-to-Point Tunneling Protocol over TCP port 1723.