Installing Sophos XG Firewall VPN Client - MacOS SSL-VPN

Updated by Bob Pankratz

OS Compatibility: The Viscosity VPN client supports SSL-VPNs for macOS and winOS. If you need the IPSec VPNs for either OS please see these instructions instead:


To use an SSL VPN with macOS, you will need a couple of pieces of info before proceeding:

  • Mac Compatible SSL VPN software. We recommend the Viscosity VPN software based on openVPN.
  • The web address of your Sophos user portal; URL will look similar to:
  • The ActiveDirectory Domain name that you are connecting to if you are using a Laptop in and out of the Office for full network access.
  • Your ActiveDirectory username in short-form without the domain. This will be one of the following:
    Firstname, First.Lastname, or FirstinitialLastname
    This will likely be the same name you login to your PC with, in the form of "Domainname\Username" or "Username@domainName.

Download and Install the Sophos VPN Configuration file

  1. Login to your VPN Portal (Your username and password will be the same as your office pc).
Google Chrome is recommended for this step if you have a self-signed security certificate. With a self-signed certificate, you will receive a security certificate warning you will need to use "advanced" > "proceed" to go around the error. This is normal for self-signed free certs.
If you get the warning but don't get an "advanced" button, you can still bypass the warning by typing "thisisunsafe" on your keyboard; you won't need to press enter, and the browser will move forward to the login page.

  1. Download the Sophos Connect configuration file Step 2 on the following screen. You will need this file at Step 6
  2. To install the Viscosity VPN Client, proceed to Spark Labs Web Site (Viscosity work equally well with MacOs and WinOS) click on the download button for your preferred OS
  1. macOS users open the DMG file via a double-click (winOS users run the .exe installer)
    1. Drag Viscosity to your Applications folder.
    2. Eject the Viscosity disk image.
    3. Launch Viscosity from your Applications folder.
    4. Enter your username and password so Viscosity can configure itself and install any necessary components.

Creating Your First Connection

You can create a connection in Viscosity by importing the OpenVPN configuration file.

Importing A Connection - You can import a connection into Viscosity by double-clicking on the OpenVPN configuration file download in step 1, or by following the steps below:
  1. Open Viscosity, go to the Viscosity menu and select “Preferences…”.The preferences window should appear.
  1. Make sure the “Connections” toolbar item is selected, and then click the “+” button in the bottom left-hand corner of the window. Select “Import Connection” then "From File..." from the menu that appears.
  1. Select the connection bundle (.visc) or OpenVPN configuration file (.ovpn or .conf) supplied by your server administrator. Click the Open button.
  1. Your connection will now appear in the Viscosity menu. To connect, select your connect from the menu. The menu icon will update to let you know when your new connection has been connected.

Advanced settings

For users with multiple connections or with the need to connect ad-hoc to many servers by short hostnames, making each connection domain-aware can improve the user experience. To enable domain name intelligence, perform the following steps for each connection:

  1. Proceed to Viscosity Preferences.
  1. Select the connection to modify and click Edit.
  1. Click on the Networking tab, Enter your domain name, in the domains box, and click save. For Sophos SSL VPN connections the domain name will be part of the .ovpn file name. If you are unsure of your domain name you may also ask your administrator for confirmation.

How did we do?