Sophos firewall v19: How to configure IPSec VPN Client to Site on Sophos firewall


The article guides to configure the SSL VPN Client to Site feature to allow remote users to connect to the local network

The article uses SSL security encryption protocol and is done on firmware version 19 on the Sophos firewall XGS firewall device


Steps of configuration

How to configure

  • Login to Sophos firewall by Admin account

1. Create user and group VPN for users

  • Go to Authentication -> Choose Groups tab -> Click Add
Hình ảnh này chưa có thuộc tính alt; tên tệp của nó là image-4554-1024x517.png
  • Enter name for group
  • In Group type: Choose Normal
  • In Surfing quota: Choose Unlimited Internet Access or the quota that you want
  • In Access time: Choose Allowed all the time or the time that you want
  • Click Save
Hình ảnh này chưa có thuộc tính alt; tên tệp của nó là image-4555-1024x517.png
  • Move to Users tab -> Click Add
  • Enter name for user
  • In User type: Choose User
  • In Password: Enter user’s password
  • In Email: Enter email account
  • In Group: Choose SSL VPN Group that was created before
  • Click Save

2. Configure IPSec VPN Remote access

  • Go to Remote access VPN -> Choose IPSec tab
  • Tick in IPSec remote access
  • In Interface: Choose WAN interface that you want to allow outside user connect to
  • In IPSec profile: Choose DefaultRemoteAccess or policy that you want or you can create another policy
  • In Authentication type: Choose Preshared key
  • In Preshared key: Enter the key
  • In Allowed users and groups: Choose users and groups that you want
  • In Name: Enter connection name
  • In Assign IP from: Enter IP range that you want to assign for VPN users
  • In DNS server 1: Enter DNS server that you want to assign for VPN users
  • Choose Use as default gateway if you want all traffic to be routed to the firewall or uncheck if you want only VPN traffic to be routed to the firewall device (other traffic will not route to the firewall)
  • In Permitted network resources (IPv4): Choose resources that you want allow VPN subnet can connect to
  • Choose Allow users to save username and password if you want to allow user save login information
  • Click Apply
  • Click OK
  • Click Export connection to download configuration file
  • Use decompression software to extract the downloaded configuration file

3. Install VPN Client in user’s computer

  • Access to User Portal

** If you cannot access to user portal -> Please check Device access and Admin and user settings

  • Login by VPN user which was created before
  • Click Download for Windows in Sophos Connect client to get installation file
  • Run installation file
  • Tick in I accept the Sophos End User License Agreement and acknowledge the Sophos Privacy Policy
  • Click Install
  • Wait for installation
  • Click Finish
  • Open Sophos Connect software
  • Click Import connection
  • Choose configuration file with scx extension
  • Click Connect and login with username, password
  • You can choose Save user name and password
  • Successfully access

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.