Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

SSL VPN

You can establish remote access SSL VPN connections between your endpoint and your organization's network.

You must download the Sophos Connect or Tunnelblick client, the SSL VPN configuration, and import the configuration.

Supported endpoints

You can use the Sophos Connect client to configure the connection on the following endpoints:

  • Windows 10 and 11 devices

You can't use the Sophos Connect client to configure the connection on the following endpoints:

  • macOS devices
  • Linux devices
  • Mobile devices

You can use the Tunnelblick client for macOS devices and the OpenVPN client for mobile devices.

You can establish remote access SSL VPN connections between your Windows device and your organization's network.

Download the Sophos Connect client

  1. Sign in to the VPN portal.
  2. Go to VPN.
  3. Under Sophos Connect client, click Download for Windows.

    Download Sophos Connect client.

  4. Click the downloaded file to install the Sophos Connect client on your device.

    You can see the client on your desktop.

  5. Double-click the client.

    You can then see it in the tray in the lower-right corner for Windows and the upper-right corner for macOS devices.

    Sophos Connect client in Windows tray.

Download the configuration file

  1. On the VPN portal, under VPN configuration, click Download configuration for Windows, macOS, Linux for one of the following options:

    • Use with Sophos Connect and OpenVPN Connect v2 clients: Supports the Sophos Connect client and OpenVPN Connect 2.0 clients.
    • Use with OpenVPN Connect v3 clients: Supports the OpenVPN Connect 3.0 clients.

    You'll download the .ovpn configuration file.

    Download configuration file.

    Note

    You can see the SSL VPN configuration files for download only if your administrator has configured a remote access SSL VPN policy for you.

Import the configuration file to the client

  1. Click the Sophos Connect client on your endpoint and click Import connection.

    Import the connection.

  2. Select the .ovpn configuration file you've downloaded.

    Here's an example of an imported connection:

    VPN connection.

  3. Click Connect to sign in.

    Click connect.

  4. Enter your VPN portal username and password.

    Sign in to connect.

  5. Enter the verification code if your organization requires two-factor authentication.

  6. Click Sign in.

This establishes the remote access SSL VPN connection. Future connections are established automatically.

You can establish remote access SSL VPN connections between your macOS device and your organization's network using the Tunnelblick client.

Note

Tunnelblick isn't a Sophos product. For details and support, see Tunnelblick website.

Download the Tunnelblick client

  1. Go to Tunnelblick downloads.
  2. Download the stable version of the Tunnelblick client.

    Tunnelblick download.

  3. Open the downloaded file and install the Tunnelblick client.

  4. Select Check for updates and Check for IP address changes, and click Continue.

    Tunnelblick options.

  5. Click Quit on the next window.

    Tunnelblick quit.

Download the configuration file

  1. In the VPN portal, under VPN configuration, click Download configuration for Windows, macOS, Linux.

    This downloads the .ovpn file.

    Download configuration file.

    Note

    You can see the SSL VPN configuration files for download only if your administrator has configured a remote access SSL VPN policy for you.

Import the configuration file to the client

You can import the configuration file in two ways.

  1. Double-click the .ovpn configuration file.
  2. In the pop-up window Install configuration for all users, click Only me and enter your macOS password.
  3. Click OK on the warning pop-up.
  1. Click the Tunnelblick icon on the menu bar and click VPN Details.

    Tunnelblick icon.

  2. Drag the .ovpn configuration file to the Configurations section.

    Tunnelblick configuration section.

  3. In the pop-up window Install configuration for all users, click Only me and enter your macOS password.

  4. Click OK on the warning pop-up.

Establish the connection

  1. Click the Tunnelblick icon on the menu bar and click the imported configuration.

    Tunnelblick connect.

  2. Enter your VPN portal username and password.

  3. Enter the verification code if your organization requires two-factor authentication.
  4. Click OK.

This establishes the remote access SSL VPN connection. Future connections are established automatically.

You can establish remote access SSL VPN connections between your Linux device and your organization's network.

Download the configuration file

  1. On the VPN portal, under VPN configuration, click Download configuration for Windows, macOS, Linux.

    This downloads the .ovpn file.

    Download configuration file.

    Note

    You can see the SSL VPN configuration files for download only if your administrator has configured a remote access SSL VPN policy for you.

Establish the connection

  1. Open the terminal.
  2. Type the command sudo openvpn --config and drag the .ovpn configuration file to the terminal window.

    Alternatively, you can type the exact file path after the command.

    Linux terminal.

  3. Press Enter.

  4. Enter your Linux device password.
  5. Enter your VPN portal username and password.
  6. Enter the verification code if your organization requires two-factor authentication.

This establishes the remote access SSL VPN connection.

Note

Closing the terminal window disconnects the tunnel.

Tip

If tunnels that had connected earlier don't connect later, download the .ovpn configuration file again from the VPN portal, and import it to the Sophos Connect client.

You must do this if your administrator has made configuration changes.