Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Configure VPN provisioning file

The Sophos Connect provisioning file allows you to provision remote access IPsec and SSL VPN configurations.

Based on the provisioning file settings, the Sophos Connect client connects to the VPN portal using the user's credentials and automatically imports the following configuration files:

  • IPsec remote access settings: .scx file for all users.
  • SSL VPN remote access policies: .ovpn file for users specified in the policies.

It also fetches the updates you make to remote access IPsec and SSL VPN settings and policies.

Requirement

When the provisioning file is used, the Sophos Connect client imports the configuration through the VPN portal. For remote users connecting from the WAN zone, you must allow WAN access for the VPN portal in Administration > Device access, under Local service ACL.

Configure and import the provisioning file

To create and import the provisioning file, do as follows:

  1. Open a new file in a text editor, such as Notepad.
  2. Copy and edit the settings to meet your network requirements using the syntax on Provisioning file settings.

    Requirement

    You must specify the hostname or IP address for gateway. You can edit the other fields if needed.

    Note

    If you change the VPN portal port in the firewall, you must change it in the provisioning file.

    Example settings
    [
        {
            "gateway": "203.0.113.1",
            "vpn_portal_port": 443,
            "otp": false,
            "auto_connect_host": "10.10.10.1",
            "can_save_credentials": true,
            "check_remote_availability": false,
            "run_logon_script": false
        }
    ]
    
  3. Save the file with a .pro extension.

  4. To install it on users' endpoints, do one of the following:

    • Email the provisioning file to users.

      Users must click Import connection in the Sophos Connect client and select the file. Alternatively, they can double-click the .pro file to import it. See Provisioning IPsec and SSL VPN.

    • Use an Active Directory Group Policy Object (GPO) to automatically import it to the Sophos Connect client on users' endpoints after start-up. See Import VPN provisioning file through GPO.

More resources