Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

IPsec and SSL VPN overview

You can establish remote access IPsec and SSL VPN connections using the Sophos Connect client.

To enforce the advanced security settings and have greater flexibility in configuration, use the Sophos Connect client.

IPsec and SSL VPN connections

To configure the connections, you must do as follows:

IPsec: Go to Remote access VPN > IPsec and configure the settings.

SSL VPN: Configure the following settings and policies:

  • Remote access VPN > SSL VPN > SSL VPN global settings.
  • Remote access VPN > SSL VPN.

Sophos Connect client

To download the Sophos Connect client, do as follows:

Administrators: Go to Remote access VPN > IPsec or SSL VPN and click Download client.

Users: On the VPN portal, users can download the client from VPN > Sophos Connect client.

For more information about the Sophos Connect client and configurations users can download, see VPN clients and configuration files in the VPN portal.

Provisioning file versus configuration files

You can use a single provisioning file to automatically import remote access IPsec and SSL VPN connections and their updates. Alternatively, you can use the corresponding configuration files for these connection types. You'll need to import the configuration files each time you make changes.

Note

We recommend using the provisioning file. It doesn't require you to share the .scx file or for users to download the .ovpn file from the VPN portal when you update the remote access policies and settings.

See Automatic provisioning, configuration files, and clients.