

Using the Point-to-Point Tunneling Protocol (PPTP), you can provide connections to your network through private tunnels over the internet. The protocol itself does not describe encryption or authentication features. However, the firewall supports several authentication options including Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2). The firewall supports PPTP as described in RFC 2637.

  • Go to Remote access VPN > PPTP.
  • To allow users to access your network through PPTP, specify the settings and click Apply. Then, click Add members and select the users.
  • To view users who are allowed access using PPTP, click Show members.

Enable PPTP

Enable PPTP: Allow access to your network by specified users through PPTP.

General settings

Assign IP from: Range from which an IP address is leased to the client. The client uses the assigned address for the duration of the connection.

Enter a private IP address range that belongs to a /24 or smaller subnet. The range can't contain more than 254 IP addresses.


IP address ranges for L2TP and PPTP must not overlap with the SSL VPN range.

Allow leasing IP address from RADIUS server for L2TP, PPTP, and Sophos Connect client: When users are authenticated using a RADIUS server, use the IP address provided by the RADIUS server. If the RADIUS server provides no addresses, Sophos Firewall assigns the static address configured for the user or leases an address from the specified range.

Client information: Primary DNS server to use for connections. Optionally, you can specify a secondary DNS server and WINS servers.
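The constraints listed under Assign IP from can be checked before a range is entered in the web admin console. The following is an added example, not Sophos code. It assumes that "private" means the RFC 1918 blocks and that "/24 or smaller subnet" means the whole range fits in a single /24. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: "private" is read as the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_lease_range(start, end, ssl_vpn_range=None):
    """Return a list of problems with a proposed PPTP lease range.

    An empty list means the range passes every check. ssl_vpn_range is an
    optional (start, end) tuple for the SSL VPN range it must not overlap.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        return ["start address is higher than end address"]

    problems = []
    if not any(first in net and last in net for net in RFC1918):
        problems.append("range is not inside a private address block")

    # Assumption: "/24 or smaller subnet" is read as "fits in a single /24".
    net24 = ipaddress.ip_network(f"{first}/24", strict=False)
    if last not in net24:
        problems.append("range spans more than one /24 subnet")

    count = int(last) - int(first) + 1
    if count > 254:
        problems.append(f"range holds {count} addresses, limit is 254")

    if ssl_vpn_range is not None:
        ssl_first = ipaddress.IPv4Address(ssl_vpn_range[0])
        ssl_last = ipaddress.IPv4Address(ssl_vpn_range[1])
        # Two closed intervals overlap when each starts before the other ends.
        if first <= ssl_last and ssl_first <= last:
            problems.append("range overlaps the SSL VPN range")
    return problems


if __name__ == "__main__":
    ssl_vpn = ("10.81.234.5", "10.81.234.55")  # constructed sample value
    for start, end in [("192.168.50.10", "192.168.50.100"),
                       ("10.81.234.50", "10.81.234.80"),
                       ("192.168.50.200", "192.168.51.20")]:
        print(start, end, check_lease_range(start, end, ssl_vpn) or "OK")
```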