Sophos firewall v19: How to configure SSL VPN Client to Site on Sophos firewall

Overview

This article explains how to configure the SSL VPN Client to Site feature so that remote users can connect to the local network.

The configuration uses the SSL encryption protocol and was done on firmware version 19 on a Sophos XGS firewall device.

Diagram

Steps of configuration

How to configure

  • Log in to the Sophos firewall with the Admin account

1. Create a VPN group and user

  • Go to Authentication -> Choose Groups tab -> Click Add
  • Enter name for group
  • In Group type: Choose Normal
  • In Surfing quota: Choose Unlimited Internet Access or the quota that you want
  • In Access time: Choose Allowed all the time or the time that you want
  • Click Save
  • Move to Users tab -> Click Add
  • Enter name for user
  • In User type: Choose User
  • In Password: Enter user’s password
  • In Email: Enter email account
  • In Group: Choose the SSL VPN group that was created earlier
  • Click Save

2. Configure SSL VPN Remote access

  • Go to Remote access VPN -> Choose SSL VPN tab -> Click Add
  • Enter name for SSL VPN
  • In Policy members: Choose the user or group that was created earlier
  • Select Use as default gateway if you want all traffic to be routed to the firewall, or clear it if you want only VPN traffic to be routed to the firewall device (other traffic will not be routed to the firewall)
  • In Permitted network resources (IPv4): Choose the resources that the VPN subnet is allowed to connect to
  • Click Apply
  • Choose SSL VPN global settings
  • In Override hostname: Enter the WAN IP that outside users will connect to
  • In Assign IPv4 address: Enter the IP subnet that you want to assign to VPN users
  • Click Apply

3. Install VPN Client on user computer

  • Access the User Portal

** If you cannot access the User Portal, check Device access and Admin and user settings

  • Log in with the VPN user that was created earlier
  • Click Download for Windows under Sophos Connect client to get the installation file, and click Download for Windows, macOS, Linux under VPN configuration to get the configuration file
  • Run the installation file
  • Tick I accept the Sophos End User License Agreement and acknowledge the Sophos Privacy Policy
  • Click Install
  • Wait for the installation to finish
  • Click Finish
  • Open the Sophos Connect software
  • Click Import connection
  • Choose the configuration file that was downloaded earlier
  • Click Connect and log in with the username and password
  • You can choose Save user name and password
  • Access is successful
