Installing Sophos XG Firewall VPN Client - Sophos Connect

Updated by Bob Pankratz

OS Compatibility: The Sophos Connect VPN client supports IPsec VPNs for macOS and Windows, and SSL VPN for Windows. If you need SSL VPN for macOS, please see these instructions instead: https://help.technosis.biz/sophos/installing-mac-os-ssl-vpn-client-for-sophos-xg

Pre-Requisites

To use an SSL VPN with macOS, you will need a couple of pieces of info before proceeding:

  • Mac-compatible SSL VPN software. We recommend the Viscosity VPN software, which is based on OpenVPN.
  • The web address of your Sophos user portal; the URL will look similar to:
    https://proxy-st.companydomain.com
    https://proxy-st.companydomain.com:1443
    https://ipaddress:1443
  • The Active Directory domain name that you are connecting to, if you are using a laptop in and out of the office for full network access.
  • Your Active Directory username in short form, without the domain. This will be one of the following:
    Firstname, First.Lastname, or FirstinitialLastname
    This will likely be the same name you log in to your PC with, in the form of "Domainname\Username" or "Username@domainName".

Download and Install the Sophos Connect Client

  1. Log in to your VPN Portal (your username and password will be the same as your office PC).
     Google Chrome is recommended for this step if you have a self-signed security certificate. With a self-signed certificate, you will receive a security certificate warning; use "advanced" > "proceed" to go around the error. This is normal for self-signed free certs.
     If you get the warning but don't get an "advanced" button, you can still bypass the warning by typing "thisisunsafe" on your keyboard; you won't need to press Enter, and the browser will move forward to the login page.
  1. On the following screen, download Sophos Connect (Step 2) and the configuration file (Step 3).
  1. To install Sophos Connect on Windows, do as follows:
    1. Open the installer. Click the downloaded file to install the Sophos Connect client on your device.
    2. Accept the license agreement and click Install.
    3. Once the installation is complete, click Finish.
    4. You can see the client on your desktop.
    5. Double-click the client. You can then see it in the tray in the lower-right corner.
      Sophos Connect client in Windows tray
  2. Import the configuration file to the client
    1. Click the Sophos Connect client on your endpoint and click Import connection.
      Import the connection
    2. Select the .ovpn configuration file you've downloaded.
      Here's an example of an imported connection:
      VPN connection
    If the Sophos Connect software was already installed on your computer, you might have to import an SSL connection from the user portal. Click Import connection on the Connections page. Browse for the .ovpn file and open it.
    1. Click Connect to sign in.
      Click connect
    2. Enter your user portal username and password.
      Sign in to connect
    3. Enter the verification code if your organization requires two-factor authentication.
    4. Click Sign in.
    This establishes the remote access SSL VPN connection. Future connections are established automatically.
  3. Enter your username and password and click Sign in.
    • If your firewall administrator has configured a One-Time Password (OTP), in addition to entering your username and password, you must enter your six-digit OTP passcode. You'll see a third input box (under username and password) where you enter the OTP passcode.
    • If your firewall administrator has configured mixed-mode two-factor authentication (2FA), you'll see a third input box (under username and password). You must enter one of the following words: push, phone, sms, or enter a DUO token.
    Sophos Connect attempts to establish the connection and authenticate you.
  4. If you're facing connection issues, do as follows:
    • To investigate the cause, click the Events tab or click the menu icon and select Open VPN log.
    • You can also contact your IT administrator or firewall administrator for further assistance.
    The image below shows you where to find the Events tab and Open VPN log.

The connection to the remote server is established. The image below shows a successful connection:

Image showing an example of a successful connection

If the connection is successful, you'll see this icon on the taskbar:
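For the self-signed certificate warning in step 1, the certificate the portal presents can be compared with a SHA-256 fingerprint supplied by your firewall administrator before you click through. This PowerShell script is an added example, not part of the original guide; the host name is the placeholder URL from this page, and the fingerprint value is a placeholder you must replace.

```powershell
# Added example. Placeholders: use your own portal address and the
# fingerprint your firewall administrator gave you.
$PortalHost     = 'proxy-st.companydomain.com'
$PortalPort     = 1443
$ExpectedSha256 = '<SHA-256 fingerprint from your administrator>'

function Get-PortalCertificate {
    param([string]$HostName, [int]$Port)
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # A self-signed certificate fails normal chain validation, so accept
        # whatever is presented here and decide trust by fingerprint below.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
        try {
            $tls.AuthenticateAsClient($HostName)
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tls.RemoteCertificate)
        }
        finally { $tls.Dispose() }
    }
    finally { $client.Dispose() }
}

function Get-Sha256Fingerprint {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($Certificate.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# Strip colons, spaces and anything else that is not a hex digit.
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64) {
    throw 'Set $ExpectedSha256 to the 64-hex-digit fingerprint from your administrator.'
}

$cert   = Get-PortalCertificate -HostName $PortalHost -Port $PortalPort
$actual = Get-Sha256Fingerprint -Certificate $cert

"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
"SHA-256 : $actual"
if ($actual -eq $expected) {
    'MATCH: this is the certificate your administrator installed.'
} else {
    'MISMATCH: do not sign in; report this to your administrator.'
}
```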

Advanced Setting for Domain users with local firewall active

  1. Advanced settings if your firewall blocks full connectivity
    For some installations, if you are a heavy user of network connections and your firewall status is normally "off" for domain connections and on for Public and Private connections, you will need to perform these additional steps.
    1. Launch the Windows Network Adapter settings with this sequence of commands:
      1. Press Win+R.
      2. In the Run dialog box, type "ncpa.cpl" without the quotes.
      3. Press Enter or click OK.
    2. In the new window, double-click on the Sophos TAP Driver and then click the 'Properties' button.
    3. Select 'IP version 4 (TCP/IPv4)' and click 'Properties.'
    4. Click the 'Advanced...' button.
    5. Select the DNS tab by clicking on it.
    6. Enter your Active Directory DNS domain name into the "DNS suffix for this connection:" box.
      Your network admin can supply the suffix if you weren't provided it and don't know it.
    7. Click OK twice, click Close twice, and then close the Network Connections window.
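The DNS suffix from step 6 can also be set and checked from an elevated PowerShell prompt. This is an added example, not part of the original guide; the suffix corp.example.com is a placeholder, and matching the adapter on "Sophos" and "TAP" in its description is an assumption based on the adapter name used above.

```powershell
# Added example. Run in an elevated (Administrator) PowerShell window.
$Suffix = 'corp.example.com'   # placeholder: your Active Directory DNS domain name

# Assumption: the VPN adapter's description contains "Sophos" and "TAP",
# matching the "Sophos TAP Driver" entry shown in ncpa.cpl.
$adapter = @(Get-NetAdapter | Where-Object { $_.InterfaceDescription -like '*Sophos*TAP*' })
if ($adapter.Count -eq 0) {
    throw 'No Sophos TAP adapter found; check the adapter name shown in ncpa.cpl.'
}
if ($adapter.Count -gt 1) {
    throw "More than one matching adapter: $($adapter.Name -join ', '). Narrow the filter."
}
$index = $adapter[0].ifIndex

# Same setting as "DNS suffix for this connection" on the DNS tab.
Set-DnsClient -InterfaceIndex $index -ConnectionSpecificSuffix $Suffix

# Confirm the suffix was stored on the adapter.
Get-DnsClient -InterfaceIndex $index |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix

# With the VPN connected, show which firewall profile Windows assigned to it.
# DomainAuthenticated means the domain firewall profile applies to the VPN.
$vpnProfile = Get-NetConnectionProfile -InterfaceIndex $index -ErrorAction SilentlyContinue
if ($vpnProfile) {
    $vpnProfile | Select-Object InterfaceAlias, Name, NetworkCategory
} else {
    'VPN adapter is not connected yet; connect and run the last check again.'
}
```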

