Sophos XG Firewall: How to configure IPsec remote access VPN with Sophos Connect client.


Sophos Connect client is VPN software that runs on Microsoft Windows 7 SP2 and later, and Mac OS 10.12 and later. It establishes highly secure, encrypted VPN tunnels for off-site employees.

The article will guide the steps to configure Sophos Connect Client on Sophos XG v18.


Step 1: Configure IPsec (Remote Access)

Go to Configure> VPN> IPsec (remote access). Fill in the following parameters:

IPsec remote access: Click Enable

Interface: select WAN port

Authentication Type: Select Preshared key or Digital Certificate

If you choose Preshared key: Enter any preshared key you want.

Allowed users and group: Add the users you want.

You can create users at Authentication> User> Add. Or you can syn user from Active Directory.

Scroll down to the Client information:

Name: Enter the name you want

Assign IP from: Enter the IP range you want to assign to the user using Sophos Connect Client.



Click Enable Disconnect when tunnel is idle

Idle session time interval: Enter a desired number from 120-999.

Click Apply and OK.

Step 2: Download the installation file.

There are 2 ways to download Sophos Connect:

Option 1: Download directly at the configuration page.

Click on Download Client and share it with the user to install.

Option 2: User downloads on the User Portal page.

After downloading, there will be files as shown below.

Next you will export the configuration file to import to Sophos Connect. Click Export connection will automatically download the configuration file and share it to the user.

Step 3: Install Sophos Connect Client.

On the user machine that opens the newly downloaded installation file in the above step, click Open to install SophosConnect 2.1.20 (Ipsec and SSLVPN) .msi for window.

Install according to the instructions. Once installed, open Sophos Connect.

Click Import connection.

Select the .tgb installation file you just downloaded from Export Connection step. Click Open.

After the import is complete. Click Connect.

Authentication user: Enter the user and password you created for the Sophos user in the Allowed users and group step. Click Sign in.

Sophos Connect has connected successfully.

Check on Sophos XG: Go to Monitor and Analyze> Current Activities> Live Users.

User connected and has IP of

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.