Remote access IPsec overview
You can establish remote access IPsec VPN connections using the Sophos Connect client.
- To specify the phase 1 and phase 2 IKE (Internet Key Exchange) parameters for establishing IPsec tunnels between two firewalls, go to Remote access VPN > IPsec and click IPsec profiles.
- To download the Sophos Connect client, click Download client.
- To see the logs, click Logs.
- To allow incoming IPsec requests, click Device access or go to Administration > Device access and turn on IPsec for the WAN zone.
- To export the configuration after specifying the settings, scroll down and click Export connection.
- To reset the settings, scroll down and click Reset.
- To use single sign-on (SSO), you must set up Microsoft Entra ID and use it as an authentication method in Authentication > Services. See Microsoft Entra ID server.
Configuring IPsec remote access connections
To allow remote access to your network through the Sophos Connect client using an IPsec connection, do as follows:
- Go to Remote access VPN > IPsec and specify the settings.
- Add a firewall rule to allow traffic between the Sophos Connect clients and Sophos Firewall. For higher levels of security, configure individual rules for inbound and outbound traffic.
- Scroll down on IPsec and click Export connection to download the configuration files.
- Share the .scx file with users. The .tgb file doesn't have the advanced settings. You can use it with third-party VPN clients.
Remote users
Users must do as follows:
- Download the Sophos Connect client from the VPN portal.
- Import the .scx file shared with them to the client.
- Enter their VPN portal credentials on the client.
The Sophos Connect client then establishes the connection.
Videos
Configure remote access IPsec and SSL VPN

Configure Microsoft Entra ID SSO for Sophos Connect
