Sophos Central Firewall Manager (CFM) maintenance scheduled for Wednesday, July 8th starting at 06:30 GMT. Expected time to complete is 5 hours. Partners will be unable to access CFM during this period.
Sophos Connect v1.2 supports Group Policy Object (GPO). This article describes the steps to install it and push its configuration via GPO. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
Go to VPN > Sophos Connect client to configure it as the following.
From the Active Directory Server, logon the XG Firewall and go VPN > Sophos Connect client to download the Sophos Connect client.
The downloaded file contains the Sophos Connect client installers (Windows and macOS) and the admin tool (Windows), but we need just the SophosConnect.msi file to deploy it via GPO.
Create a shared folder that will contain the recently downloaded SophosConnect.msi file.
Open Group Policy Management to create a GPO in the domain in which the end users computers shall receive the SophosConnect.msi file.
Give it a name like "Sophos Connect installation via GPO" and click OK.
Right click on the recently created GPO to edit it.
In the Group Policy Management Editor page, add a new Software installation package.
Open the SophosConnect.msi file from the shared folder created earlier.
SophosConnect.msi file is now ready to be pushed to end users computers via GPO.
Reboot the end user machine to receive GPO updates or run the following command prompt: gpupdate /force
Type Y to reboot the user's computer and Sophos Connect should installed.
From the Active Directory Server, logon the XG Firewall and go VPN > Sophos Connect client to download the configuration file by clicking on Export Connection.
Save this configuration file locally on the hard drive.
And share its folder. In this example, Sophos Connect folder should be shared.
In the end user machine the configuration file will be pushed to the Import folder in this path: C:\Program Files (x86)\Sophos\Connect\Import so we need to create the same Import folder at the same path in the Active Directory server.
Open Group Policy Management to create a GPO in the domain in which the end users computers, with Sophos Connect already installed, shall receive the Sophos_Connect_VPN.tgb configuration file.
Give it a name like "Configuration file for Sophos Connect" and click OK.
In the Group Policy Management Editor page, add a new file.
In the General tab of the New File Properties window,
Optionally, you can switch to the Common tab to enable Item-level targeting and fine-tune the target of this configuration file according the business needs.
Sophos_Connect_VPN.tgb file is now ready to be pushed to end users computers, with Sophos Connect client already installed on them, via GPO.
The configuration file is now imported into Sophos Connect and you can use the VPN connection.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.