Skip to content

Remote access SSL VPN overview

You can enable remote users to connect to the network securely over the internet using remote access SSL VPN connections.

Users can establish IPv4 and IPv6 SSL VPN connections. These connections use OpenVPN. Remote access requires digital certificates and a username and password.

  • Go to Remote access VPN > SSL VPN.
  • Click SSL VPN global settings to specify settings for all remote access SSL VPN policies. See SSL VPN global settings.
  • Click Add to create an SSL VPN remote access policy.
  • Alternatively, click Assistant to launch the SSL VPN remote access assistant and configure the policy.

Additionally, you can do the following:

  • Click Logs to see the logs.
  • Click Download client to download the Sophos Connect client and share it with users. Alternatively, users can download the client from the user portal.

    Currently, the Sophos Connect client doesn't support some endpoint devices. See Compatibility with Sophos Connect client.

Warning

The legacy SSL VPN client reached end-of-life. It doesn't appear for download on the user portal any longer.

Configure remote access SSL VPN connections

To allow remote access to your network through the Sophos Connect client using an SSL connection, do as follows:

  1. Go to Remote access VPN > SSL VPN.
  2. Click SSL VPN global settings, specify the settings, and click Apply.
  3. Go to SSL VPN and add preconfigured users and groups. This creates a .ovpn configuration file, which appears on the user portal for the allowed users.
  4. Add firewall rules allowing traffic between the LAN and the VPN zones. The rule allows Sophos Connect clients to access the configured LAN networks.
  5. Optional: Configure a provisioning file and share it with users. The provisioning file imports the .ovpn configuration into the client.

Remote users

Users can download the Sophos Connect client from the user portal.

If you share the provisioning (.pro) file, users can double-click the file, which automatically imports the configuration into the client. Alternatively, they can download the .ovpn configuration file from the user portal and import it into the Sophos Connect client.

Sophos Connect client then establishes the connection.