On the Remote Access > SSL > Profiles tab you can create different profiles for remote access users defining basic settings for SSL VPN access.
On the Profiles tab, click New Remote Access Profile.
The Add Remote Access Profile dialog box opens.
Make the following settings:
Profile name: Enter a descriptive name for this profile.
Users and groups: Select the users or user groups or add new users that should be able to use SSL VPN remote access with this profile. How to add users is explained on the Definitions & Users > Users & Groups > Users page.
Local networks: Select or add the local network(s) that should be reachable to the selected SSL clients through the VPN SSL tunnel. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Note – By default, the SSL VPN solution of Sophos UTM on AWS employs so-called split tunneling, that is, the process of allowing remote VPN users to access a public network, for example, the Internet, at the same time that those users are allowed to access resources on the VPN. However, split tunneling can be bypassed if you select Any or Internetin the Local networks field. This will enable SSL VPN configurations to act as a full tunnel. Whether users are allowed to access a public network then depends on your firewall configuration.
Automatic firewall rules: Select this option to automatically add firewall rules that allow traffic for this profile. The rules are added as soon as the profile is enabled, and they are removed when the profile is disabled. If you do not select this option, you need to specify appropriate firewall rules manually.
Comment (optional): Add a description or other information.
The new profile appears on the Profiles list.
To either edit or delete a profile, click the corresponding buttons.
Note – The Remote Access menu of the User Portal is only available to users who are selected in the Users and groups box and for whom a user definition does exist on Sophos UTM on AWS (see Definitions & Users > Users & Groups > Users). Authorized users who have successfully logged in to the User Portal find the SSL VPN client software bundle as well as a link to installation instructions, which are available at the Sophos Knowledge Base. Downloading may fail with some browsers on Android if the CA certificate is not installed or if the hostname does not match the common name in the portal certificate. In this case, users need to install the CA certificate or try another browser.