Skip to content

Remote access IPsec overview

You can establish remote access IPsec VPN connections using the Sophos Connect client.

  • To specify the phase 1 and phase 2 IKE (Internet Key Exchange) parameters for establishing IPsec tunnels between two firewalls, go to Remote access VPN > IPsec and click IPsec profiles.
  • To download the Sophos Connect client, click Download client.
  • To see the logs, click Logs.
  • To allow incoming IPsec requests, click Device access or go to Administration > Device access and turn on IPsec for the WAN zone.
  • To export the configuration after specifying the settings, scroll down and click Export connection.
  • To reset the settings, scroll down and click Reset.

Configuring IPsec remote access connections

To allow remote access to your network through the Sophos Connect client using an IPsec connection, do as follows:

  1. Go to Remote access VPN > IPsec and specify the settings.
  2. Add a firewall rule to allow traffic between the Sophos Connect clients and Sophos Firewall. For higher levels of security, configure individual rules for inbound and outbound traffic.
  3. Scroll down on IPsec and click Export connection to download the configuration files.
  4. Share the .scx file with users.
    The .tgb file doesn't have the advanced settings. You can use it with third-party VPN clients.

Remote users

Users must do as follows:

  1. Download the Sophos Connect client from the VPN portal.
  2. Import the .scx file shared with them to the client.
  3. Enter their VPN portal credentials on the client.

The Sophos Connect client then establishes the connection.

More resources