Profiles
On the Remote Access > SSL > Profiles tab you can create different profiles for remote access users.
To configure an SSL VPN profile, proceed as follows:
- On the Profiles tab, click New Remote Access Profile.
  The Add Remote Access Profile dialog box opens.
- Specify the following settings:
  - Profile name: Enter a descriptive name for this profile.
  - Users and groups: Select the users or user groups, or add new users, that should be able to use SSL VPN remote access with this profile. For how to add new users or groups, see Definitions & Users > Users & Groups > Users.
  - Local networks: Select or add the local networks that remote users should be able to access. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
    Note – By default, the SSL VPN solution of Sophos UTM on AWS employs split tunneling: remote VPN users can access a public network, for example the Internet, at the same time that they access resources on the VPN. However, split tunneling can be bypassed if you select Any or Internet in the Local networks field. This will enable SSL VPN configurations to act as a full tunnel. Whether users are allowed to access a public network then depends on your firewall configuration.
  - Automatic firewall rules: Select this option to automatically add firewall rules that allow traffic for this profile. The rules are added as soon as the profile is enabled, and they are removed when the profile is disabled. If you do not select this option, you need to specify appropriate firewall rules manually.
  - Comment (optional): Add a description or other information.
- Click Save.
  The new profile appears on the Profiles list.
To either edit or delete a profile, click the corresponding buttons.
Note – The Remote Access menu of the User Portal is only available to users who are selected in the Users and groups box and for whom a user definition exists on Sophos UTM on AWS (see Definitions & Users > Users & Groups > Users). Authorized users find the Sophos Connect client as well as a link to installation instructions in the User Portal. Downloading may fail with some browsers on Android if the CA certificate is not installed or if the hostname does not match the common name in the portal certificate. In this case, users need to install the CA certificate or try another browser.
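When reviewing several profiles, the split-tunnel note and the Automatic firewall rules setting above can be checked together. The following is an added example, not Sophos code: the record layout, field names and sample profiles are assumptions constructed for illustration and do not correspond to any UTM export format. It also flags a set of Local networks that jointly span all of IPv4, which goes beyond the Any/Internet case the note names.

```python
import ipaddress

# Network definition names the page says turn a profile into a full tunnel.
FULL_TUNNEL_NAMES = {"Any", "Internet"}

def covers_all_ipv4(cidrs):
    """True if the CIDRs, taken together, span the whole IPv4 space."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    v4 = [n for n in nets if n.version == 4]
    # collapse_addresses merges adjacent/overlapping blocks, so two /1
    # halves are reported as 0.0.0.0/0 just like a literal default route.
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]

def audit_profile(profile):
    """Classify one profile record (hypothetical layout) and list review notes."""
    nets = profile["local_networks"]
    full = (any(n["name"] in FULL_TUNNEL_NAMES for n in nets)
            or covers_all_ipv4(n["cidr"] for n in nets))
    notes = []
    if full:
        notes.append("full tunnel: public access depends on firewall configuration")
    if not profile["automatic_firewall_rules"]:
        notes.append("automatic firewall rules off: manual rules required")
    return {"profile": profile["name"], "tunnel": "full" if full else "split", "notes": notes}

# Constructed sample records; this is not a Sophos export format.
PROFILES = [
    {"name": "staff", "automatic_firewall_rules": True,
     "local_networks": [{"name": "Internal (Network)", "cidr": "10.0.1.0/24"}]},
    {"name": "admins", "automatic_firewall_rules": True,
     "local_networks": [{"name": "Any", "cidr": "0.0.0.0/0"}]},
    {"name": "contractors", "automatic_firewall_rules": False,
     "local_networks": [{"name": "lower half", "cidr": "0.0.0.0/1"},
                        {"name": "upper half", "cidr": "128.0.0.0/1"}]},
]

if __name__ == "__main__":
    for p in PROFILES:
        print(audit_profile(p))
```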
Open Live Log
The OpenVPN Live Log logs remote access activities. Click the button to open the live log in a new window.