
Checklist for remote access SSL VPN

Make sure you've completed the configurations. If you can't establish tunnels after that, follow the basic and advanced troubleshooting steps.

Complete the configurations

  1. Web admin console: You can use the remote access SSL VPN assistant to configure the following settings:

    1. Remote access VPN > SSL VPN: Add an SSL VPN policy.
    2. Administration > Device access: Allow access from zones to services.
    3. Authentication > Services: Check the SSL VPN authentication method.
  2. User portal

    1. Download the Sophos Connect client and install it on your endpoint.
    2. Download and import the .ovpn file to the client.
  3. Sophos Connect client: Enter your credentials to establish the connection.

Example configurations:

Basic troubleshooting

Users can't access the user portal

  1. Go to Administration > Device access and select the zones from which users access the user portal.
  2. Make sure you added an SSL VPN policy.
  3. In the browser, enter https://<IP address or hostname of Sophos Firewall>:<VPN portal's port>.

    Note

    The default port for the user portal is 443. To check the port, go to Administration > Admin and user settings and look under Admin console and end-user interaction.

Other user portal issues

  Scenario:

    • Can't sign in to user portal.
    • SSL VPN configuration files don't appear.

  1. Go to Remote access VPN > SSL VPN and make sure you added the users to an SSL VPN policy.
  2. We recommend that usernames and the certificate and CA fields don't contain special characters, for the following reasons:

    • The user portal may not support some special characters in usernames.
    • The Sophos Connect client only supports ASCII characters in usernames. It doesn't support certain sequences of special characters. See Sophos Connect: Supported characters.
    • Usernames are used in the .ovpn filenames and the certificates the firewall generates for each remote user. Third-party VPN clients may not support special characters in these.
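
The following is an added example, not Sophos code: it audits a list of usernames for the characters the recommendation above concerns and reports each offending character with its code point. The allow-list `SAFE_CHARS`, the function names and the sample usernames are assumptions constructed for illustration; this page doesn't list the supported characters, so adjust the allow-list to the documented set.

```python
import unicodedata

# Assumption: a conservative allow-list chosen for this example,
# not the character set documented for Sophos Connect.
SAFE_CHARS = set(
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789._-@"
)

def audit_username(name):
    """Return a list of findings for one username; empty means no issue."""
    findings = []
    # Non-ASCII characters: report code point and Unicode name so that
    # lookalikes and combining marks are visible to the administrator.
    non_ascii = [c for c in name if ord(c) > 127]
    if non_ascii:
        detail = ", ".join(
            f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}" for c in non_ascii
        )
        findings.append(f"non-ASCII: {detail}")
    # ASCII characters outside the allow-list (spaces, quotes, slashes...),
    # which may also be a problem in .ovpn filenames and certificate fields.
    special = sorted({c for c in name if ord(c) <= 127 and c not in SAFE_CHARS})
    if special:
        findings.append("special ASCII: " + " ".join(repr(c) for c in special))
    return findings

def audit(names):
    """Map each problematic username to its findings."""
    report = {}
    for name in names:
        findings = audit_username(name)
        if findings:
            report[name] = findings
    return report

# Constructed sample data, e.g. one username per line from a user export.
SAMPLE = ["jsmith", "anna.m\u00fcller", "o'brien", "dev ops", "k.tanaka@example.com"]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user!r}: {'; '.join(findings)}")
```
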

Advanced troubleshooting

To resolve advanced issues, see the following checklists: