Skip to content

Remote access IPsec and SSL VPN

Using the Sophos Connect client, you can establish remote access IPsec and SSL VPN connections.

You don't need the Sophos Connect client for iOS devices.

You can establish remote access SSL VPN connections between your endpoint and your organization's network.

You must download the Sophos Connect client and SSL VPN configuration and import the configuration.

Supported endpoints

You can use the Sophos Connect client to configure the connection on the following endpoints:

  • Windows 10 and 11 devices

You can't use the Sophos Connect client to configure the connection on the following endpoints:

  • macOS devices
  • Linux devices
  • Mobile devices

You can use the OpenVPN client for these endpoints.

Download the Sophos Connect client

  1. Sign in to the user portal.
  2. Go to VPN.
  3. Under Sophos Connect client, click Download for Windows.

    Download Sophos Connect client.

  4. Click the downloaded file to install the Sophos Connect client on your device.

    You can see the client on your desktop.

  5. Double-click the client.

    You can then see it in the tray in the lower-right corner for Windows and the upper-right corner for macOS devices.

    Sophos Connect client in Windows tray.

Download the configuration file

  1. On the user portal, under VPN configuration, click Download configuration for Windows, macOS, Linux for one of the following options:

    • Use with Sophos Connect and OpenVPN Connect v2 clients: Supports the Sophos Connect client and OpenVPN Connect 2.0 clients.
    • Use with OpenVPN Connect v3 clients: Supports the OpenVPN Connect 3.0 clients.

    This downloads a .ovpn file.

    Download configuration file.

    Note

    You can see the SSL VPN configuration files for download only if your administrator has configured a remote access SSL VPN policy for you.

Import the configuration file to the client

  1. Click the Sophos Connect client on your endpoint and click Import connection.

    Import the connection.

  2. Select the .ovpn configuration file you've downloaded.

    Here's an example of an imported connection:

    VPN connection.

  3. Click Connect to sign in.

    Click connect.

  4. Enter your user portal username and password.

    Sign in to connect.

  5. Enter the verification code if your organization requires two-factor authentication.

  6. Click Sign in.

This establishes the remote access SSL VPN connection. Future connections are established automatically.

Tip

If tunnels that had connected earlier don't connect later, download the .ovpn configuration file again from the user portal, and import it to the Sophos Connect client.

You must do this if your administrator has made configuration changes.

You can establish a remote access IPsec VPN connection between your endpoint and your organization's network.

You must download the Sophos Connect client. Import the IPsec configuration file your administrator provides.

Supported endpoints

You can use the Sophos Connect client to configure the connection on the following endpoints:

  • Windows 10 and 11 devices
  • macOS 10.13 and later

You can't use the Sophos Connect client to configure the connection on the following endpoints:

  • Linux devices
  • Mobile devices

You can use a third-party IPsec VPN client for these endpoints.

Download the Sophos Connect client

  1. Sign in to the user portal.
  2. Go to VPN.
  3. Under Sophos Connect client, do as follows:

    • Windows devices: Click Download for Windows.
    • macOS devices: Click Download for macOS.

    Download Sophos Connect client.

  4. Click the downloaded file to install the Sophos Connect client on your device.

    You can see the client on your desktop.

  5. Double-click the client.

    You can then see it in the tray in the lower-right corner for Windows and the upper-right corner for macOS devices.

    Sophos Connect client in tray.

Import the configuration file to the client

Your administrator will share the `.scx' configuration file with you.

  1. Click the Sophos Connect client in the tray on your endpoint and click Import connection.

    Import the connection.

  2. Select the .scx configuration file your administrator has shared with you.

    Here's an example of a connection:

    VPN connection.

  3. Click Connect to sign in.

    Click connect.

  4. Enter your user portal credentials.

    Sign in to connect.

  5. Enter the verification code if you're prompted for two-factor authentication.

  6. Click Sign in.

This establishes the remote access IPsec VPN connection. Future connections are established automatically.

Tip

If tunnels that had connected earlier don't connect later, your administrator may have made changes to the configuration file. Ask for the new file, and import it to the Sophos Connect client.

You can establish remote access IPsec VPN connections between your iOS device and your organization's network.

Establish the connection

  1. On your iOS device, open the Safari browser, and sign in to the user portal.
  2. Go to VPN.
  3. Under VPN configuration > IPsec VPN profile, click Download for iOS.

    Install IPsec VPN configuration on iOS devices.

The IPsec VPN is automatically established.

Note

You can only see the iOS IPsec download if your administrator has configured remote access IPsec VPN.

Tip

Install the configuration again if tunnels that had connected earlier don't connect later.

You must do this if your administrator has made configuration changes.

Close the VPN connection

To close the VPN connection, do as follows:

  1. On the iOS device, tap Settings.
  2. Go to General > VPN.
  3. Tap Status for your connection.

Your VPN connection will close.

The provisioning (.pro) file enables the Sophos Connect client on your endpoint to automatically fetch the remote access IPsec and SSL VPN configurations. The .pro file automatically imports any configuration changes your administrator makes later.

You must download the Sophos Connect client and import the provisioning file your administrator provides if they aren't automatically installed on your endpoint.

Supported endpoints

You can use the Sophos Connect client and the provisioning file to configure the connection on the following endpoints:

  • Windows 10 and 11 devices

Download the Sophos Connect client

  1. Sign in to the user portal.
  2. Go to VPN.
  3. Under Sophos Connect client (IPsec and SSL VPN), click Download client for Windows.

    Download Sophos Connect client for Windows.

  4. Click the downloaded file to install the Sophos Connect client on your device.

    You can see the client on your desktop.

  5. Double-click the client.

    You can then see it in the tray in the lower-right corner for Windows.

    Sophos Connect client in Windows tray.

Import the provisioning file

  1. Click the .pro file your administrator provides.

    If a text file is provided, change the extension to .pro.

    The file is then automatically imported into the Sophos Connect client.

  2. Click Connect to sign in.

    Click connect.

  3. Enter your user portal username and password.

    Sign in to connect.

  4. If multi-factor authentication is configured, do as follows based on the option configured:

    • OTP token (Sophos Firewall or third-party tokens): Enter the passcode.

      If it's a token generated by Sophos Firewall, see OTP token for more information.

    • Duo Push: Enter push and approve the notification on your mobile device.

    • Duo Phone: Enter phone. You'll receive a call for authentication.
    • Duo SMS: Enter sms. In the next sign-in screen, enter your username, password, and the OTP token.

    Sign-in using MFA.

    Note

    If you're using the provisioning file the first time, the sign-in screen is shown twice. The first sign-in downloads the configuration file, and the second establishes the connection.

  5. Click Sign in.

This establishes the remote access connection.