Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=SSLVPNPolicyManage

Remote access SSL VPN overview

You can enable remote users to connect to the network securely over the internet using remote access SSL VPN connections.

Users can establish IPv4 and IPv6 SSL VPN connections. These connections use OpenVPN. Remote access requires digital certificates and a username and password.

  • Go to Remote access VPN > SSL VPN.
  • Click SSL VPN global settings to specify settings for all remote access SSL VPN policies. See SSL VPN global settings.
  • Click Add to launch the SSL VPN remote access assistant. If you only want to configure the policy, click Configure manually.

Additionally, you can do the following:

  • Click Logs to see the logs.

  • Click Download client to download the Sophos Connect client and share it with users. Alternatively, users can download the client from the VPN portal.

    Currently, the Sophos Connect client doesn't support some endpoint devices. See Compatibility with Sophos Connect client.

Warning

The legacy SSL VPN client reached end-of-life. It doesn't appear for download on the VPN portal any longer.

Before you migrate to SFOS 20.0 MR1

Firewalls using SFOS 20.0 MR1 won't establish remote access SSL VPN connections with the legacy VPN client that was available earlier.

You can use one of the following options:

  • Use the Sophos Connect client.
  • Use remote access IPsec connections.

Configure remote access SSL VPN connections

To allow remote access to your network through the Sophos Connect client using an SSL connection, do as follows:

  1. Go to Remote access VPN > SSL VPN.
  2. Click SSL VPN global settings, specify the settings, and click Apply.
  3. Go to SSL VPN and add preconfigured users and groups. This creates a .ovpn configuration file, which appears on the VPN portal for the allowed users.
  4. Add firewall rules allowing traffic between the LAN and the VPN zones. The rule allows Sophos Connect clients to access the configured LAN networks.
  5. Optional: Configure a provisioning file and share it with users. The provisioning file imports the .ovpn configuration into the Sophos Connect client.

Remote users

Users can download the Sophos Connect client from the VPN portal.

If you share the provisioning (.pro) file, users can double-click the file, which automatically imports the configuration into the Sophos Connect client. Alternatively, they can download the .ovpn configuration file from the VPN portal and import it into the Sophos Connect client.

Sophos Connect client then establishes the connection.

Videos