Remote access IPsec and SSL VPN
Using the Sophos Connect client, you can establish remote access IPsec and SSL VPN connections.
You don't need the Sophos Connect client for iOS devices.
You can establish remote access SSL VPN connections between your endpoint and your organization's network.
You must download the Sophos Connect client and SSL VPN configuration and import the configuration.
Supported endpoints
You can use the Sophos Connect client to configure the connection on the following endpoints:
- Windows 10 and 11 devices
You can't use the Sophos Connect client to configure the connection on the following endpoints:
- macOS devices
- Linux devices
- Mobile devices
You can use the OpenVPN client for these endpoints.
Download the Sophos Connect client
- Sign in to the user portal.
- Go to VPN.
-
Under Sophos Connect client, click Download for Windows.
-
Click the downloaded file to install the Sophos Connect client on your device.
You can see the client on your desktop.
-
Double-click the client.
You can then see it in the tray in the lower-right corner for Windows and the upper-right corner for macOS devices.
Download the configuration file
-
On the user portal, under VPN configuration, click Download configuration for Windows, macOS, Linux for one of the following options:
- Use with Sophos Connect and OpenVPN Connect v2 clients: Supports the Sophos Connect client and OpenVPN Connect 2.0 clients.
- Use with OpenVPN Connect v3 clients: Supports the OpenVPN Connect 3.0 clients.
This downloads a
.ovpn
file.Note
You can see the SSL VPN configuration files for download only if your administrator has configured a remote access SSL VPN policy for you.
Import the configuration file to the client
-
Click the Sophos Connect client on your endpoint and click Import connection.
-
Select the
.ovpn
configuration file you've downloaded.Here's an example of an imported connection:
-
Click Connect to sign in.
-
Enter your user portal username and password.
-
Enter the verification code if your organization requires two-factor authentication.
- Click Sign in.
This establishes the remote access SSL VPN connection. Future connections are established automatically.
Tip
If tunnels that had connected earlier don't connect later, download the .ovpn
configuration file again from the user portal, and import it to the Sophos Connect client.
You must do this if your administrator has made configuration changes.
You can establish a remote access IPsec VPN connection between your endpoint and your organization's network.
You must download the Sophos Connect client. Import the IPsec configuration file your administrator provides.
Supported endpoints
You can use the Sophos Connect client to configure the connection on the following endpoints:
- Windows 10 and 11 devices
- macOS 10.13 and later
You can't use the Sophos Connect client to configure the connection on the following endpoints:
- Linux devices
- Mobile devices
You can use a third-party IPsec VPN client for these endpoints.
Download the Sophos Connect client
- Sign in to the user portal.
- Go to VPN.
-
Under Sophos Connect client, do as follows:
- Windows devices: Click Download for Windows.
- macOS devices: Click Download for macOS.
-
Click the downloaded file to install the Sophos Connect client on your device.
You can see the client on your desktop.
-
Double-click the client.
You can then see it in the tray in the lower-right corner for Windows and the upper-right corner for macOS devices.
Import the configuration file to the client
Your administrator will share the `.scx' configuration file with you.
-
Click the Sophos Connect client in the tray on your endpoint and click Import connection.
-
Select the
.scx
configuration file your administrator has shared with you.Here's an example of a connection:
-
Click Connect to sign in.
-
Enter your user portal credentials.
-
Enter the verification code if you're prompted for two-factor authentication.
- Click Sign in.
This establishes the remote access IPsec VPN connection. Future connections are established automatically.
Tip
If tunnels that had connected earlier don't connect later, your administrator may have made changes to the configuration file. Ask for the new file, and import it to the Sophos Connect client.
You can establish remote access IPsec VPN connections between your iOS device and your organization's network.
Establish the connection
- On your iOS device, open the Safari browser, and sign in to the user portal.
- Go to VPN.
-
Under VPN configuration > IPsec VPN profile, click Download for iOS.
The IPsec VPN is automatically established.
Note
You can only see the iOS IPsec download if your administrator has configured remote access IPsec VPN.
Tip
Install the configuration again if tunnels that had connected earlier don't connect later.
You must do this if your administrator has made configuration changes.
Close the VPN connection
To close the VPN connection, do as follows:
- On the iOS device, tap Settings.
- Go to General > VPN.
- Tap Status for your connection.
Your VPN connection will close.
The provisioning (.pro
) file enables the Sophos Connect client on your endpoint to automatically fetch the remote access IPsec and SSL VPN configurations. The .pro
file automatically imports any configuration changes your administrator makes later.
You must download the Sophos Connect client and import the provisioning file your administrator provides if they aren't automatically installed on your endpoint.
Supported endpoints
You can use the Sophos Connect client and the provisioning file to configure the connection on the following endpoints:
- Windows 10 and 11 devices
Download the Sophos Connect client
- Sign in to the user portal.
- Go to VPN.
-
Under Sophos Connect client (IPsec and SSL VPN), click Download client for Windows.
-
Click the downloaded file to install the Sophos Connect client on your device.
You can see the client on your desktop.
-
Double-click the client.
You can then see it in the tray in the lower-right corner for Windows.
Import the provisioning file
-
Click the
.pro
file your administrator provides.If a text file is provided, change the extension to
.pro
.The file is then automatically imported into the Sophos Connect client.
-
Click Connect to sign in.
-
Enter your user portal username and password.
-
If multi-factor authentication is configured, do as follows based on the option configured:
-
OTP token (Sophos Firewall or third-party tokens): Enter the passcode.
If it's a token generated by Sophos Firewall, see OTP token for more information.
-
Duo Push: Enter
push
and approve the notification on your mobile device. - Duo Phone: Enter
phone
. You'll receive a call for authentication. - Duo SMS: Enter
sms
. In the next sign-in screen, enter your username, password, and the OTP token.
Note
If you're using the provisioning file the first time, the sign-in screen is shown twice. The first sign-in downloads the configuration file, and the second establishes the connection.
-
-
Click Sign in.
This establishes the remote access connection.