Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Sophos Connect Client Configuration

Here in this article we will discuss how to configure sophos connect client in detail


Sophos connect client is used as an IPsec remote access client to access the remote LAN network with confidentiality.

Login to the sophos XG firewall GUI and click on VPN >> IPsec Remote Access and fill up all the details.

General Settings

IPsec remote access: Enable this option to enable the sophos connect client

Interface: Select your WAN interface since you will connect to firewall LAN network from the external (outside) network

Preshared Key: Enter the preshared key which will be used for authentication

Local ID & Remote ID: These are optional fields used to differentiate different VPN connections.

Allowed Users and Groups: Under allowed users and groups section add the concerned users who want to connect to firewall LAN work using sophos connect client

Client Information

Name: Enter any name for connection

Assign IP from: Enter any range of IP address, make sure it won’t overlap with existing LAN networks in the firewall.

Enable “Allow leasing IP address from RADIUS server for L2TP, PPTP and IPsec remote access” option to get acquire IP address from the radius server

DNS server1 & DNS server2: You can define the primary DNS and secondary DNS servers for sophos connect clients. These fields are optional


Disconnect when tunnel is idle: This option is used to disconnect when no traffic is passing through sophos connect client tunnel

Idle session time interval: After these number of seconds, idle clients will be disconnected

Advanced Settings:

Use as default gateway: If we enable this option, all sophos connect client traffic will be passing through the sophos XG firewall.

Permitted network resources: Under permitted network resources section add firewall LAN networks.

Send Security Heartbeat through tunnel: This option will allow client to send security heartbeat through the sophos connect client.

Allow users to save username and password: If we enable this option, sophos connect client users can save their credentials. But from security perspective its not recommended.

Here are the sample settings in the firewall:

General settings
General Settings
Client information
Client Information
Idle settings
Idle settings
Advanced settings
advanced settings

Now we have configured sophos connect client, we will save it and create firewall rules which will be used to allow the traffic to the firewall LAN network.

Go to Rules and Policies and click on Add firewall Rule on top:

Firewall rule
Firewall rule

We can create single firewall rule for both LAN to VPN and VPN to LAN traffic as shown in above image. Make sure to create firewall rule on top so that it will not match any block rule. If you are sure about your network configuration you can place this firewall rule based on the requirement.

Now you need to download sophos connect client, you can download it from user portal or VPN >> IPsec Remote Access >> Download client

Login to the concerned user portal and click on the download configuration for windows as shown in image below

Download sophos connect client
Sophos Connect

Follow the installation process and install the sophos connect client in the end user machine. Once it got installed sophos connect client will be shown in task bar

Sophos connect
Sophos Connect

You have successfully installed configuration file, you have to download sophos connect configuration set up from the VPN >> IPsec Remote Access tab

Click on the export connection as shown in image below

Export connection
Export connection

Extract the downloaded zip file, it will download three files as shown in below image

Three files
Sophos connect

Click on the sophos connect icon, import downloaded connection to sophos connect by clicking on import connection tab. You need to select tgb format file (third file in above image)

import connection
Sophos Connect

Now the specific IPsec connection should be listed in the sophos connect client as shown below

test connection initiate
Test connection

Click on the test connection and click on connect and enter user name and password of specific user. It should be connected to the firewall.

test connection

To check the IP address given to the connected machine, enter command prompt and type ipconfig. Sine we have given IP range from to We got IP address as shown in image below

IP address

Since we do not enable default gateway option in sophos connect client configuration, default gateway option is not listed in the command prompt

Now you can connect to firewall LAN network.

Hope this article helps you.