Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=how-to-set-up-user-VPN-portals

Set up VPN and user portals

Users can use the VPN portal to download the Sophos Connect client and configuration files to establish remote access IPsec and SSL VPN connections. They can also establish clientless SSL VPN connections.

Users can use the user portal to see their personal details, such as name, sign-in credentials, email address, and user-group membership.

To set up VPN and user portals for your users, do as follows:

  1. Go to Administration > Admin and user settings > Admin console and end-user interaction to see the default ports:

    • User portal: 4443

      Access link: https://<firewall's IP address>:4443.

    • VPN portal: 443

      Access link: https://<firewall's IP address>:443.

    If you want to change the default ports, see Port sharing among services.

    Shows the VPN and user portal ports.

  2. Go to Administration > Device access and select the zones from which you want users to access the portals:

    1. Under VPN portal, select a zone. For example, WAN.

    2. Under User portal, select a zone.

      Don't select WAN for the user portal. It's a security risk. You can allow access from VPN, LAN, and Wi-Fi zones.

    Select the zones.

  3. Go to Authentication > Services and select an authentication server:

    1. For the VPN portal, under VPN portal authentication methods, select an authentication server.

      Select an authentication server.

    2. For the user portal, under User portal authentication methods, select an authentication server.

      Select an authentication server.

  4. Set up multi-factor authentication (MFA) as follows:

    1. Go to Authentication > Multi-factor Authentication.

    2. Under One-time password (OTP), select All users or Specific users and groups.

      If you select Specific users and groups, select the users or groups.

    3. Turn on Generate OTP token with next sign-in.

    4. Under Require MFA for, select VPN portal.

      The user portal is selected by default.

    5. Click Apply.

    Turn on MFA.

    The OTP token (QR code) appears on the VPN and user portals. Users can set up their OTP token on either portal by using an authenticator app on their mobile devices.