TSF – Giải pháp IT toàn diện cho doanh nghiệp SMB | HCM

Homepage
About Us
Solution
Tutorial
Comtact
Youtube
🌐 Language / Ngôn ngữ
  • English
  • Tiếng Việt
    • Contact

    Sophos - How to Configure SSL VPN Client-to-Site on Sophos Firewall (Step-by-Step)

    SSL VPN Client-to-Site allows users to securely access internal networks from remote locations.
    In this guide, you’ll learn how to configure SSL VPN on Sophos Firewall step by step.
    We cover user authentication, VPN policies, and firewall rules.
    This setup is ideal for remote workers and IT administrators.
    Proper VPN configuration ensures encrypted and secure connections.
    You’ll also learn common mistakes and best practices.
    The tutorial is beginner-friendly and easy to follow.
    Follow this demo to enable secure remote access with Sophos Firewall.

    Step 1: Create VPN User/Group

    Authentication > Groups/Users

    • Create user: vpnuser
    • Assign to SSL VPN group

    Step 2: Enable SSL VPN

    Go to:

    CONFIGURE > REMOTE ACCESS VPN > SSL VPN (Remote Access)

    • Select the IP range assigned to the VPN client (e.g., 10.81.0.0/24)

    • Select the network to be accessed: e.g., LAN

    • Select the allowed user or group of users

    Allow access to which network (or host).

    Where can users download the installation and configuration files?

    After creating the SSL VPN, a Firewall Rule will be automatically generated.

    Step 3: Set permissions for the device to access the VPN.

    Change the VPN Portal port (avoid using port 443).

    For example, change it to 8443.
    Set permissions for the VPN to access the Firewall.

    Step 4: Download the Sophos Connect client and configuration file.

    Check the port the portal is using.

     Portal link: https://IP_FW:8443/
    Download and install the VPN app.
    Access from an external network:
    Log in using the vpnuser user → download:

    • ✅ Sophos Connect Client
    • ✅ .ovpn configuration file

    Note: In this step, if Device Access selects the portal user, the user will be redirected to the portal page, not this VPN download page.

    Step 5: Install the client on the remote machine

    Install app msi => next next finish
    • Import the .ovpn file
    • Connect to the VPN → the machine will be assigned a private IP address (e.g., 10.81.234.6)

    • Then you can access:

    o Internal printer
    o Internal web server
    o Internal Sophos interface

    Check vpn

    Check the connection:

    • Ping: ping 192.168.x.x (internal device)

    • Access GUI: http://192.168.x.x