Operation: Configure Sophos Connect VPN Client
Description: Configures a connection for the Sophos Connect VPN client.

Sample Configuration
<SophosConnectClient>
  <SophosConnectClientConfiguration>Enable/Disable</SophosConnectClientConfiguration>
  <Name>connectionname</Name>
  <Interface>interfacename</Interface>
  <!-- For alias WAN port -->
  <AliasInterface>alias interfacename</AliasInterface>
  <PolicyID>policyname</PolicyID>
  <AuthenticationType>PresharedKey/DigitalCertificate</AuthenticationType>
  <!-- For preshared key -->
  <PresharedKey>key</PresharedKey>
  <!-- For certificate -->
  <LocalCertificate>{certificatename}</LocalCertificate>
  <RemoteCertificate>{certificatename}</RemoteCertificate>
  <LocalIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</LocalIDType>
  <LocalID>localid</LocalID>
  <RemoteIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</RemoteIDType>
  <RemoteID>remoteid</RemoteID>
  <AllowedUsers>
    <User>username</User>
    <!-- further <User> entries -->
  </AllowedUsers>
  <AssignIP>
    <StartIP>ip address</StartIP>
    <EndIP>ip address</EndIP>
  </AssignIP>
  <LeaseIPFromRadiusServer>Enable/Disable</LeaseIPFromRadiusServer>
  <DNSServer1>ip address</DNSServer1>
  <DNSServer2>ip address</DNSServer2>
  <DisconnectOnIdleInterval>600</DisconnectOnIdleInterval>
  <SecurityHeartbeat>Enable/Disable</SecurityHeartbeat>
  <SaveCredential>Enable/Disable</SaveCredential>
  <TwoFAToken>Enable/Disable</TwoFAToken>
  <AdLogon>Enable/Disable</AdLogon>
  <AutoConnect>Enable/Disable</AutoConnect>
  <HostorDNSName>FQDN name</HostorDNSName>
  <AssignDNS>Enable/Disable</AssignDNS>
  <DomainName>Domain suffix</DomainName>
  <DefaultGateway>Enable/Disable</DefaultGateway>
  <PermittedNetworkResourcesIPv4>
    <Resource>Host1</Resource>
    <Resource>Host2</Resource>
    <!-- further <Resource> entries -->
  </PermittedNetworkResourcesIPv4>
</SophosConnectClient>



Parameters (each entry lists Parameter, Mandatory, Default and Description)

Parameter: SophosConnectClientConfiguration (Mandatory: No; Default: Disable)
Enable or disable the Sophos Connect client configuration.
SophosConnectClientConfiguration confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: AliasInterface (Mandatory: Yes; Default: none)
Select the WAN port (or its alias) on which users connect to the VPN.
AliasInterface confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Parameter: AuthenticationType (Mandatory: Yes; Default: none)
Select the authentication type for the Sophos Connect VPN client.
AuthenticationType confines to:
  • Type is 'SCALAR'.
  • Only 'PresharedKey', 'DigitalCertificate' are allowed.

Parameter: PresharedKey (Mandatory: No; Default: none)
Specify the preshared key when AuthenticationType is 'PresharedKey'. When AuthenticationType is 'DigitalCertificate', specify LocalCertificate (the certificate the appliance presents) instead.
PresharedKey confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 1000.

Parameter: RemoteCertificate (Mandatory: No; Default: none)
Select the certificate the remote peer uses to authenticate.
RemoteCertificate confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Parameter: LocalIDType (Mandatory: Yes; Default: none)
Select the local ID type.
LocalIDType confines to:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.

Parameter: LocalID (Mandatory: Yes; Default: none)
Specify the value for the selected local ID type.
LocalID confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Parameter: RemoteIDType (Mandatory: Yes; Default: none)
Select the remote ID type.
RemoteIDType confines to:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.

Parameter: RemoteID (Mandatory: Yes; Default: none)
Specify the value for the selected remote ID type.
RemoteID confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Parameter: User (Mandatory: No; Default: none)
Specify the users allowed to connect with the Sophos Connect VPN client.
User confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 256.
  • Multiple values are allowed.

Parameter: Name (Mandatory: Yes; Default: none)
Specify the connection name displayed to the client.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first characters: (A-Za-z). For other characters: (A-Za-z0-9_).

Parameter: StartIP (Mandatory: Yes; Default: none)
Specify the first IP address of the range from which addresses are leased to clients.
StartIP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.

Parameter: EndIP (Mandatory: Yes; Default: none)
Specify the last IP address of the range from which addresses are leased to clients.
EndIP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.

Parameter: DNSServer1 (Mandatory: No; Default: none)
Provide the primary DNS server IP address.
DNSServer1 confines to:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.

Parameter: DNSServer2 (Mandatory: No; Default: none)
Provide the secondary DNS server IP address.
DNSServer2 confines to:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.

Parameter: PolicyID (Mandatory: Yes; Default: none)
Specify the IPsec policy (by policy name) to apply to the connection.
PolicyID confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.

Parameter: Resource (Mandatory: No; Default: none)
Internal network resources the remote user is allowed to access.
Resource confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
  • Duplicate values will be ignored.
Note:
Only IPv4 hosts are allowed.

Parameter: LeaseIPFromRadiusServer (Mandatory: No; Default: Disable)
Enable to lease the client's IP address through the RADIUS server.
LeaseIPFromRadiusServer confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: DisconnectOnIdleInterval (Mandatory: No; Default: none)
Idle time, in seconds, after which the tunnel is disconnected.
DisconnectOnIdleInterval confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 120 to 21600 is allowed.
  • Maximum digits allowed are 5.

Parameter: SecurityHeartbeat (Mandatory: No; Default: Disable)
Sends the endpoint's Security Heartbeat through the tunnel.
SecurityHeartbeat confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: SaveCredential (Mandatory: No; Default: Disable)
Allows users to save their username and password in the client.
SaveCredential confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: TwoFAToken (Mandatory: No; Default: Disable)
Requires users to enter a one-time password to establish the tunnel.
TwoFAToken confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: AdLogon (Mandatory: No; Default: Disable)
Runs the Active Directory sign-in script after the tunnel is connected.
AdLogon confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: AutoConnect (Mandatory: No; Default: Disable)
Connects the tunnel automatically.
AutoConnect confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: HostorDNSName (Mandatory: No; Default: none)
Host or domain name whose reachability the client checks when the tunnel connects automatically.
HostorDNSName confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 255.

Parameter: AssignDNS (Mandatory: No; Default: Disable)
Enable to assign a DNS suffix (see DomainName) to the client.
AssignDNS confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.

Parameter: DomainName (Mandatory: No; Default: none)
Domain suffix to use after the connection is established.
DomainName confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 255.

Parameter: DefaultGateway (Mandatory: No; Default: Enable)
Routes all of the remote user's traffic through the tunnel (the tunnel becomes the default gateway) after the connection is established.
DefaultGateway confines to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
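The constraints above are easy to get wrong when the request body is assembled by a script, so the following is an added example (written for this page, not Sophos' own tooling) that builds the <SophosConnectClient> element in the sample's element order and checks every documented rule before anything is sent: the Name character set, the Enable/Disable flags, the fields that depend on AuthenticationType, the ID types, the refused IPv4 classes, the 120 to 21600 idle range, the string length limits, and duplicate Resource entries. The connection name, interface, policy, users and addresses in SAMPLE are constructed placeholders; the weak_settings check is an editor's hardening judgement, not a rule of the API.

```python
"""Build and constraint-check a <SophosConnectClient> body for the Sophos Firewall
XML API.  Added example for this page, not Sophos' own code.  Field rules are
taken from the parameter table above; the API request envelope is not shown."""
import ipaddress
import re
import xml.etree.ElementTree as ET

NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
ID_TYPES = {"DNS", "IP Address", "Email", "DER ASN1 DN (X.509)"}
FLAGS = ("SophosConnectClientConfiguration", "LeaseIPFromRadiusServer", "SecurityHeartbeat",
         "SaveCredential", "TwoFAToken", "AdLogon", "AutoConnect", "AssignDNS", "DefaultGateway")
MANDATORY = ("Name", "AliasInterface", "PolicyID", "AuthenticationType", "LocalIDType",
             "LocalID", "RemoteIDType", "RemoteID", "StartIP", "EndIP")
# Element order follows the sample configuration on this page.
HEAD = ("SophosConnectClientConfiguration", "Name", "Interface", "AliasInterface", "PolicyID",
        "AuthenticationType", "PresharedKey", "LocalCertificate", "RemoteCertificate",
        "LocalIDType", "LocalID", "RemoteIDType", "RemoteID")
TAIL = ("LeaseIPFromRadiusServer", "DNSServer1", "DNSServer2", "DisconnectOnIdleInterval",
        "SecurityHeartbeat", "SaveCredential", "TwoFAToken", "AdLogon", "AutoConnect",
        "HostorDNSName", "AssignDNS", "DomainName", "DefaultGateway")

def ipv4_allowed(value: str) -> bool:
    """True unless the address is in a class the API refuses: multicast, reserved,
    loopback (LOCALHOST), unspecified, broadcast or link-local."""
    try:
        a = ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return not (a.is_multicast or a.is_reserved or a.is_loopback or a.is_unspecified
                or a.is_link_local or a == ipaddress.IPv4Address("255.255.255.255"))

def validate(cfg: dict) -> list:
    """Return the violations of the documented constraints; empty means sendable."""
    errors = [f"{k} is mandatory" for k in MANDATORY if not cfg.get(k)]
    if not NAME_RE.match(str(cfg.get("Name", ""))):
        errors.append("Name: first character A-Za-z, then A-Za-z0-9_ only")
    errors += [f"{f} must be Enable or Disable" for f in FLAGS
               if f in cfg and cfg[f] not in ("Enable", "Disable")]
    auth = cfg.get("AuthenticationType")
    if auth == "PresharedKey":
        if not 1 <= len(cfg.get("PresharedKey", "")) <= 1000:
            errors.append("PresharedKey: required, at most 1000 characters")
    elif auth == "DigitalCertificate":
        if not (cfg.get("LocalCertificate") and cfg.get("RemoteCertificate")):
            errors.append("DigitalCertificate: LocalCertificate and RemoteCertificate required")
    else:
        errors.append("AuthenticationType must be PresharedKey or DigitalCertificate")
    errors += [f"{k} must be one of {sorted(ID_TYPES)}" for k in ("LocalIDType", "RemoteIDType")
               if cfg.get(k) not in ID_TYPES]
    errors += [f"{k}: not an allowed IPv4 address" for k in ("StartIP", "EndIP", "DNSServer1", "DNSServer2")
               if k in cfg and not ipv4_allowed(cfg[k])]
    idle = cfg.get("DisconnectOnIdleInterval")
    if idle is not None and not (str(idle).isdigit() and 120 <= int(idle) <= 21600):
        errors.append("DisconnectOnIdleInterval: integer from 120 to 21600 (seconds)")
    errors += [f"User {u!r} exceeds 256 characters" for u in cfg.get("AllowedUsers", []) if len(u) > 256]
    errors += [f"Resource {r!r} exceeds 60 characters"
               for r in cfg.get("PermittedNetworkResourcesIPv4", []) if len(r) > 60]
    return errors

def weak_settings(cfg: dict) -> list:
    """Hardening review (editor's judgement, not an API rule): saved credentials
    without a one-time password make a copied client profile sufficient to connect."""
    if cfg.get("SaveCredential") == "Enable" and cfg.get("TwoFAToken") != "Enable":
        return ["SaveCredential=Enable without TwoFAToken=Enable"]
    return []

def build(cfg: dict) -> ET.Element:
    """Serialise cfg as the <SophosConnectClient> element shown in the sample.
    Duplicate resources are dropped, as the API ignores them anyway."""
    root = ET.Element("SophosConnectClient")
    for tag in HEAD:
        if tag in cfg:
            ET.SubElement(root, tag).text = str(cfg[tag])
    users = ET.SubElement(root, "AllowedUsers")
    for u in cfg.get("AllowedUsers", []):
        ET.SubElement(users, "User").text = u
    assign = ET.SubElement(root, "AssignIP")
    ET.SubElement(assign, "StartIP").text = cfg["StartIP"]
    ET.SubElement(assign, "EndIP").text = cfg["EndIP"]
    for tag in TAIL:
        if tag in cfg:
            ET.SubElement(root, tag).text = str(cfg[tag])
    res = ET.SubElement(root, "PermittedNetworkResourcesIPv4")
    for r in dict.fromkeys(cfg.get("PermittedNetworkResourcesIPv4", [])):
        ET.SubElement(res, "Resource").text = r
    return root

# Constructed sample (hypothetical names and addresses): PSK tunnel, 2FA on.
SAMPLE = {
    "SophosConnectClientConfiguration": "Enable", "Name": "remote_staff", "AliasInterface": "PortB",
    "PolicyID": "DefaultRemoteAccess", "AuthenticationType": "PresharedKey",
    "PresharedKey": "example-psk-change-me", "LocalIDType": "DNS", "LocalID": "vpn.example.test",
    "RemoteIDType": "Email", "RemoteID": "client@example.test", "AllowedUsers": ["alice", "bob"],
    "StartIP": "10.81.234.10", "EndIP": "10.81.234.50", "DNSServer1": "10.0.0.53",
    "DisconnectOnIdleInterval": 600, "TwoFAToken": "Enable", "SaveCredential": "Disable",
    "DefaultGateway": "Disable", "PermittedNetworkResourcesIPv4": ["10.0.0.10", "10.0.0.20", "10.0.0.10"],
}

if __name__ == "__main__":
    print(validate(SAMPLE) or ET.tostring(build(SAMPLE), encoding="unicode"))
```

Running the script prints the serialised element when every check passes, or the list of violations otherwise. To submit it, the element must be wrapped in the XML API's request envelope (administrator login plus a Set operation), which this page does not describe, and posted over HTTPS to the firewall's API endpoint; because that envelope carries an administrator password, use a dedicated API administrator and restrict API access to known source addresses. Keep SaveCredential disabled unless TwoFAToken is enabled, since a saved credential in a copied client profile is otherwise all an attacker needs.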



Operation: Configure Sophos Connect VPN Client
Status codes returned: 200, 201, 500, 502, 503, 511, 512, 541


© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is a registered trademark of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.