Skip to content

IPsec and SSL VPN overview

You can configure remote access IPsec and SSL VPN connections using the Sophos Connect client.

To enforce the advanced security settings and have greater flexibility in configuration, use the Sophos Connect client.

IPsec and SSL VPN connections

To configure the connections, you must do as follows:

IPsec: Go to VPN > IPsec (remote access) and configure the settings.

SSL VPN: Configure the following settings and policies:

  • VPN > Show VPN settings > SSL VPN
  • VPN > SSL VPN (remote access)

Sophos Connect client

To download the client, do as follows:

Administrators: Go to VPN > IPsec (remote access) and click Download client.

Users: On the user portal, users can download the client from VPN > Sophos Connect client.

For more information about the Sophos Connect client and configurations users can download, see VPN clients and configuration files on the user portal.

Provisioning file versus configuration files

You can use a single provisioning file to automatically import remote access IPsec and SSL VPN connections and their updates. Alternatively, you can use the corresponding configuration files for these connection types. You'll need to import the configuration files each time you make changes.


We recommend using the provisioning file. It doesn't require you to share the .scx file or for users to download the .ovpn file from the user portal when you update the remote access policies and settings.

See Automatic provisioning, configuration files, and clients.