
How To Configure SSL VPN In Sophos XG Firewall

This article explains how to configure SSL VPN on the Sophos XG firewall. SSL VPN is a type of secure remote access VPN used to connect remote users to the Sophos XG firewall.

Add Remote Access Policy:

Log in to the Sophos XG firewall, click the VPN menu and select the SSL VPN remote access tab. Click ADD SSL VPN remote access.

General Settings

Name: Enter any name for the SSL VPN remote access policy.

Policy Members: Select the users who need to connect through the SSL VPN tunnel.

Tunnel Access

Use as default gateway: If the “Use as default gateway” option is enabled, the Sophos XG firewall becomes the default gateway for SSL VPN traffic. When an SSL VPN client machine needs to reach another network, its traffic goes to the Sophos XG firewall, and the firewall forwards it to the network concerned.

Permitted network resources: Under the “permitted network resources” section, select the networks that need to be reached through the SSL VPN tunnel.

Idle time-out

Disconnect idle clients: If there is no traffic in the SSL VPN tunnel and the connection is idle, clients are disconnected after the idle time.

Override global time: By default the idle time is 15 minutes. You can increase the idle time up to 60 minutes.

VPN Settings:

Click the VPN menu and click “show vpn settings”.

VPN settings
SSL VPN settings
Show VPN settings

Fill in the SSL VPN settings based on your requirements.

Protocol: Under the protocol section, select TCP or UDP. With UDP, SSL VPN traffic is faster. If you experience delays in the SSL VPN connection, you can change the protocol to UDP to increase speed through the SSL VPN tunnel.

SSL Server Certificate: Select the required certificate here. By default the Sophos XG firewall uses the “Appliance Certificate” for SSL VPN.

Override Hostname: By default the SSL VPN tunnel connects to the first WAN link listed under “network menu >> WAN link manager”. If you want SSL VPN traffic to connect to another public IP of the firewall, enter it here.

Note: If you select a different IP here, you need to re-download and re-install the VPN client.

Port: Enter any port. The SSL VPN connects to the XG firewall on that specific port. By default the SSL VPN port is 8443.

IPV4 Lease Range: Clients connected to the SSL VPN tunnel get an IP address from this range.

Subnet Mask: Enter the subnet mask depending on your requirements.

You can enter the rest of the settings depending on your requirements.
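Before entering the IPv4 lease range, subnet mask and permitted network resources described above, the address plan can be sanity-checked offline. The following is an added example, not part of the original article and not Sophos code; the function name, the `min_prefix` review threshold and all sample addresses are assumptions constructed for illustration. It flags a lease range that does not fit the chosen mask, a lease range that overlaps a permitted network (which makes routing to VPN clients ambiguous), and permitted networks that are very broad.

```python
import ipaddress

def check_ssl_vpn_plan(lease_start, lease_end, subnet_mask,
                       permitted_networks, min_prefix=16):
    """Return a list of problems in a planned SSL VPN address layout.

    min_prefix is an assumed review threshold: permitted networks broader
    than this prefix length are flagged for a least-privilege review.
    """
    start = ipaddress.IPv4Address(lease_start)
    end = ipaddress.IPv4Address(lease_end)
    if start > end:
        return [f"lease range is reversed: {start} > {end}"]
    problems = []
    # Subnet implied by the first lease address and the configured mask.
    pool_net = ipaddress.IPv4Network(f"{start}/{subnet_mask}", strict=False)
    if end not in pool_net:
        problems.append(f"lease end {end} is outside {pool_net}")
    # CIDR blocks that cover exactly start..end, for overlap testing.
    pool_blocks = list(ipaddress.summarize_address_range(start, end))
    for entry in permitted_networks:
        net = ipaddress.IPv4Network(entry, strict=False)
        if any(block.overlaps(net) for block in pool_blocks):
            problems.append(f"lease range overlaps permitted network {net}")
        if net.prefixlen < min_prefix:
            problems.append(f"permitted network {net} is broader than /{min_prefix}")
    return problems

if __name__ == "__main__":
    # Constructed sample plan, not values from the article.
    for line in check_ssl_vpn_plan("172.16.50.10", "172.16.50.200", "255.255.255.0",
                                   ["192.168.10.0/24", "172.16.50.0/24", "10.0.0.0/8"]):
        print("WARN:", line)
```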

SSL VPN Authentication Method

Now click “Authentication >> Services tab” and select the authentication method for SSL VPN, as shown in the image below.

SSL VPN authentication
SSL VPN Authentication Method

Enable SSL VPN In WAN Zone

You need to enable SSL VPN under the WAN zone. If SSL VPN is disabled under the WAN zone, users cannot connect to the SSL VPN from an external network.

SSL VPN device access
SSL VPN zone

Download SSL VPN Client:

Now log in to the user portal with the credentials of the user concerned and download the SSL VPN client from the user portal.

SSL client download
User Portal Client

Click “Download client and configuration for windows” and install it on the user's client machine.

Once it is installed on the user's machine, it is represented by this icon in the taskbar.

SSL VPN icon

Now right-click the icon and select “seshu ssl vpn config”, since the username is “seshu” in the SSL VPN policy.

SSL VPN config

Enter the username and credentials and click Connect. The SSL VPN client will now be connected.

Hope this article helps you.