Skip to content

SSL VPN (remote access)

You can provide access to network resources for individual hosts using point-to-point encrypted tunnels over the internet. Remote access requires digital certificates and a username and password.

SSL VPN remote access policies use OpenVPN, a full-featured SSL VPN solution. You can establish IPv4 and IPv6 SSL VPN connections.

You can download the Sophos Connect client from VPN > IPsec (remote access) and share it with users. Alternatively, users can download it from the user portal.

Currently, the Sophos Connect client doesn't support some endpoint devices. See Compatibility with Sophos Connect client.

Warning

The legacy SSL VPN client reached end-of-life. It doesn't appear for download on the user portal any longer. See End-of-Life for Sophos SSL VPN client.

Configure SSL VPN remote access connections

To allow remote access to your network through the Sophos Connect client using an SSL connection, you need to do as follows:

  1. Go to Show VPN settings, specify the SSL VPN settings, and click Apply.
  2. Go to SSL VPN (remote access) and add pre-configured users and groups. This creates a .ovpn configuration file, which appears on the user portal.
  3. If you don't have a firewall rule allowing traffic between the LAN and the VPN zones, add a firewall rule so that the Sophos Connect clients can access the configured LAN networks. For information on how to add a firewall rule, see Add a firewall rule. If you want to allow LAN and VPN traffic in both directions, add both LAN and VPN to the source and destination zones. If you want to allow specific traffic for each direction, you need to create separate rules.
  4. Configure a provisioning file and share it with users. The provisioning file imports the .ovpn configuration into the client.

Remote users

Users can download the Sophos Connect client from the user portal.

If you share the provisioning (.pro) file, users can double-click the file, which automatically imports the configuration into the client. Alternatively, users can download the .ovpn configuration file from the user portal and import it into the Sophos Connect client.

Sophos Connect client then establishes the connection.

More resources