Skip to content

Configure VPN provisioning file

The Sophos Connect provisioning file allows you to provision remote access IPsec and SSL VPN configurations.

Based on the provisioning file settings, the Sophos Connect client connects to the VPN portal using the user's credentials and automatically imports the following configuration files:

  • IPsec remote access settings: .scx file for all users.
  • SSL VPN remote access policies: .ovpn file for users specified in the policies.

It also fetches the updates you make to remote access IPsec and SSL VPN settings and policies.

Requirement

When the provisioning file is used, the Sophos Connect client imports the configuration through the VPN portal. For remote users connecting from the WAN zone, you must allow WAN access for the VPN portal in Administration > Device access, under Local service ACL.

Configure and import the provisioning file

To create and import the provisioning file, do as follows:

  1. Open a new file in a text editor, such as Notepad.
  2. Copy and edit the settings to meet your network requirements using the syntax on Provisioning file settings.

    Requirement

    You must specify the hostname or IP address for gateway. You can edit the other fields if needed.

    Note

    Currently, you must use the syntax user_portal_port to enter the VPN portal port. We'll update the syntax in an upcoming version of the Sophos Connect client. If you change the port in the firewall, you must change it in the provisioning file.

    Example settings
    [
        {
            "gateway": "203.0.113.1",
            "user_portal_port": 443,
            "otp": false,
            "auto_connect_host": "10.10.10.1",
            "can_save_credentials": true,
            "check_remote_availability": false,
            "run_logon_script": false
        }
    ]
    
  3. Save the file with a .pro extension.

  4. To install it on users' endpoints, do one of the following:

    • Email the provisioning file to users.

      Users must click Import connection in the Sophos Connect client and select the file. Alternatively, they can double-click the .pro file to import it. See Provisioning IPsec and SSL VPN.

    • Use an Active Directory Group Policy Object (GPO) to automatically import it to the Sophos Connect client on users' endpoints after start-up. See Import VPN provisioning file through GPO.

More resources