
Troubleshoot remote access SSL VPN

Make sure you've completed the configurations. If you can't establish tunnels after that, follow the basic and advanced troubleshooting steps.

Complete the configurations

  1. Web admin console: You can use the remote access SSL VPN assistant to configure the following settings:

    1. Remote access VPN > SSL VPN: Add an SSL VPN policy.
    2. Administration > Device access: Allow access from zones to services.
    3. Authentication > Services: Check the SSL VPN authentication method.
  2. VPN portal

    1. Download the Sophos Connect client and install it on your endpoint.
    2. Download and import the .ovpn file to the client.
  3. Sophos Connect client: Enter your credentials to establish the connection.

Example configurations:

Basic troubleshooting

Users can't access VPN portal from WAN zone

  1. Go to Administration > Device access and select WAN and the required zones under VPN portal.
  2. Make sure you added an SSL VPN policy.
  3. In the browser, enter https://<IP address or hostname of Sophos Firewall>:<VPN portal's port>.

    Note

    The default port for VPN portal is 443. To check the port, go to Administration > Admin and user settings and see under Admin console and end-user interaction.

Other VPN portal issues

  Scenario:

    • Can't sign in to VPN portal.
    • SSL VPN configuration files don't appear.

  1. Go to Remote access VPN > SSL VPN and make sure you added the users to an SSL VPN policy.
  2. We recommend that usernames and the certificate and CA fields don't contain special characters, for the following reasons:

    • The VPN portal doesn't support some special characters in usernames.
    • The Sophos Connect client only supports ASCII characters in usernames. It doesn't support certain sequences of special characters. See Sophos Connect: Supported characters.
    • Usernames are used in the .ovpn filenames and the certificates the firewall generates for each remote user. Third-party VPN clients may not support special characters in these.
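
The username recommendation above can be checked before you add users to an SSL VPN policy. The following is an added example, not Sophos code: it flags non-ASCII characters (including look-alike letters that render like ASCII) and ASCII characters outside a conservative allowlist. The allowlist, the function names, and the sample usernames are assumptions made for this example; see Sophos Connect: Supported characters for the actual list.

```python
import unicodedata

# Conservative allowlist: an assumption for this example, not Sophos's
# published list of supported characters.
SAFE_CHARS = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-@"
)

def audit_username(name):
    """Return findings for one username; an empty list means nothing flagged."""
    findings = []
    for pos, ch in enumerate(name):
        if ord(ch) > 127:
            # Non-ASCII: Sophos Connect only supports ASCII usernames.
            label = unicodedata.name(ch, "UNNAMED")
            findings.append(f"non-ascii U+{ord(ch):04X} {label} at {pos}")
        elif ch not in SAFE_CHARS:
            # ASCII but outside the allowlist: may break .ovpn filenames
            # or certificate fields in third-party clients.
            findings.append(f"special U+{ord(ch):04X} at {pos}")
    return findings

def audit_users(names):
    """Map each flagged username to its findings; clean names are omitted."""
    report = {}
    for name in names:
        findings = audit_username(name)
        if findings:
            report[name] = findings
    return report

# Constructed sample usernames (not from any real directory).
SAMPLE_USERS = [
    "jsmith",
    "anna.berg@example.com",
    "m\u00fcller",      # u with diaeresis
    "o'brien",          # apostrophe
    "dev/ops",          # path separator would split a filename
    "\u0430dmin",       # Cyrillic 'a' that renders like Latin 'a'
]

if __name__ == "__main__":
    for user, problems in audit_users(SAMPLE_USERS).items():
        print(f"{user!r}: {'; '.join(problems)}")
```

Reporting the code point and Unicode name makes look-alike characters visible that you can't spot by reading the username in the web admin console.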

Advanced troubleshooting

To resolve advanced issues, see the following checklists: