Skip to content

Add a remote access policy using the SSL VPN remote access assistant

The SSL VPN remote access assistant helps you configure SSL VPN remote access policies.

Use the SSL VPN remote access assistant to create SSL VPN remote access policies. With these policies, you can enable remote users to connect to the network securely over the internet using remote access SSL VPN connections. The assistant automatically configures a remote access policy, firewall rule, and device access settings.

  1. Go to Remote access VPN > SSL VPN and click Assistant.

    Go to remote access VPN > SSL VPN and click assistant.

  2. Review the global settings and click Next.

    Note

    You can't change the SSL VPN global settings within the SSL VPN assistant. To change the global settings, go to Remote access VPN > SSL VPN > SSL VPN global settings.

  3. Specify the settings:

    Name Description
    VPN name Enter a name to identify the connection. This is the name of your SSL VPN remote access policy. The name also appears as part of the firewall rule that the assistant creates.
    Users and groups Select the users and groups that can connect using this policy.
    Authentication servers Select the servers you want to use to authenticate users. Choose one of the following:
    Same as VPN (IPsec, L2TP, PPTP)
    Same as firewall
    Set authentication method for SSL VPN

    To change this setting later, go to Authentication > Services > SSL VPN authentication methods.
    Access to resources Select the hosts and networks you want to allow users to access with the VPN.
    Tunnel mode Choose whether to use VPN for all user traffic (to the resources you’ve specified and the internet) or only for traffic to the resources.
    User portal access Select the zones from which users can access the user portal. Users can download the SSL VPN client and configuration files from the user portal.
    To change this setting later, go to Administration > Device access.
    SSL VPN access Select the zones from which users can establish SSL VPN tunnels.
    To change this setting later, go to Administration > Device access.
    Review your settings Click Finish to create the remote access SSL VPN policy and firewall rules automatically.

The assistant creates the SSL VPN policy, firewall rule, and device access settings. The first time the assisstant runs, it also creates the Automatic VPN rules firewall rule group and places it at the top of the rule table. The firewall rules created by the assistant are shown at the bottom of the Automatic VPN rules firewall rule group and are turned on by default.

Next steps

  • Reposition the firewall rule to meet your requirements. Sophos Firewall evaluates rules in the order shown.
  • Change the SSL VPN global settings, if required.
  • Have users download the SSL VPN client and configuration files from the user portal.