SSL VPN (remote access)

You can provide access to network resources for individual hosts using point-to-point encrypted tunnels over the internet. Remote access requires SSL certificates and a username and password.

SSL VPN remote access policies use OpenVPN, a full-featured SSL VPN solution.

Users must download one of the following clients from the user portal:

  • Sophos Connect client: We recommend using this client for advanced security and flexibility in configuration.
  • Legacy SSL VPN client software bundle from the user portal: The bundle includes an SSL VPN client, SSL certificates, and a configuration file.
Restriction You can establish SSL VPN connections only with version 2.0 of the Sophos Connect client. Currently, version 2.0 is only available for Windows devices. macOS users can use the legacy SSL VPN client.

Configure SSL VPN remote access connections

To allow remote access to your network through the Sophos Connect client using an SSL connection, you need to do as follows:

  1. Go to Show VPN settings, specify the SSL VPN settings, and click Apply.
  2. Go to SSL VPN (remote access) and add pre-configured users and groups. This creates a .ovpn configuration file, which appears on the user portal.
  3. If you don't have a firewall rule allowing traffic between the LAN and the VPN zones, add a firewall rule so that the Sophos Connect clients can access the configured LAN networks. For information on how to add a firewall rule, see Add a firewall rule. If you want to allow LAN and VPN traffic in both directions, add both LAN and VPN to the source and destination zones. If you want to allow specific traffic for each direction, you need to create separate rules.
  4. Configure a provisioning file and share it with users. The provisioning file imports the .ovpn configuration into the client.

Remote users

Users can download the Sophos Connect client from the user portal.

If you share the provisioning (.pro) file, users can double-click the file, which automatically imports the configuration into the client. Alternatively, users can download the .ovpn configuration file from the user portal and import it into the Sophos Connect client.

Sophos Connect client then establishes the connection.