Configure VPN provisioning file
The Sophos Connect provisioning file allows you to provision remote access IPsec and SSL VPN configurations.
Based on the provisioning file settings, the Sophos Connect client connects to the user portal using the user's credentials and automatically imports the following configuration files:
- IPsec remote access settings:
.scxfile for all users. - SSL VPN remote access policies:
.ovpnfile for users specified in the policies.
It also fetches the updates you make to remote access IPsec and SSL VPN settings and policies.
Requirement
When the provisioning file is used, the Sophos Connect client imports the configuration through the user portal. For remote users connecting from the WAN zone, you must allow WAN access for the user portal in Administration > Device access, under Local service ACL.
Configure and import the provisioning file
To create and import the provisioning file, do as follows:
- Open a new file in a text editor, such as Notepad.
-
Copy and edit the settings to meet your network requirements using the syntax on Provisioning file settings.
Note
You must specify the hostname or IP address for the gateway. You can edit the other fields if needed.
Example settings
[ { "gateway": "203.0.113.1", "user_portal_port": 443, "otp": false, "auto_connect_host": "10.10.10.1", "can_save_credentials": true, "check_remote_availability": false, "run_logon_script": false } ] -
Save the file with a
.proextension. -
To install it on users' endpoints, do one of the following:
-
Email the provisioning file to users.
Users must click Import connection in the Sophos Connect client and select the file. Alternatively, they can double-click the
.profile to import it. See Remote access IPsec and SSL VPN. -
Use an Active Directory Group Policy Object (GPO) to automatically import it to the Sophos Connect client on users' endpoints after start-up. See Import VPN provisioning file through GPO.
-
More resources