Lots of time burned on Sophos Connect for Mac, trying to get .scx file imported, fails every time...

So, I'm glad the client is finally available, the Cisco VPN client in 17.1 wasn't usable, or rather our current ASA options couldn't be configured in Sophos, AD auth wasn't seamless (user portal first connect requirement), no split tunnel, a bug with multiple connections from the same user from different devices assigning the same IP to both remote clients, DNS suffix settings missing.

I'm testing 17.5, and after a lot of effort, I finally found the Sophos Connect Admin utility. It's a Windows-only app (scadmin.msi) and it's found in the client download bundle, not on the firewall web UI, and zero documentation, no search results in help, nada.


I've burned most of today on this, can anyone tell me how to import the .scx file into an existing VPN entry on macOS? I tried appending the .scx file to the .tgb file and importing as a new connection, it ignored the extra info.

There's zero documentation that I can find that tells you what to do with the file once the admin app creates it. If it's a Windows-only thing, then I would be very very annoyed. Another blocker preventing me from deploying the firewalls we bought in April last year.

Thanks in advance.

  • Sophos Connect is still in EAP (Early Access Program). So basically it is not launched. 

    You should post it in this forum:


    A feature is not working as expected? You have found a bug?


    The team is working on documentation for both tools. Most likely they are focusing on Windows right now when it comes to documentation.

    I cannot reproduce it, because I am a Windows / Linux user and do not have a Mac. Could be some kind of bug.

  • Hello Steven,


    Are you able to resolve the issue? If not, please let me know what problem you are having so I can help you. The .scx file will work on both Windows and Mac. So basically here is what you need to do. Set up the Sophos Connect Client Policy on the XG firewall. After you save the policy, export it. Now import that .tgb file in Sophos Connect Admin. Here are some of the options/configurations you can add to the policy. You can change the policy from tunnel all to split tunnel, enable prompt for OTP, allow the user to save credentials, enable Auto-Connect and set up a monitoring host or domain, and send Security Heartbeat down the tunnel (this currently works on Windows, and a Mac fix will be available later). You can change the connection name and the target host also. Save the policy (.scx) and then import it in Sophos Connect on the Mac.


    Let me know if you have any problems.

    Thank you