Overview:
This guide shows how to auto-connect a Windows device to Sophos Firewall SSL VPN remote access on boot, restart, sleep, or shutdown using a provisioning file (.pro).
The Sophos Connect provisioning file allows you to provision remote access IPsec and SSL VPN connections with Sophos Firewall. It also automatically imports any configuration changes you make later. Users don't need to download the configuration file from the VPN portal.
For more details about the provisioning file, refer to this documentation: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConProvisioningFile/index.html
Configuration:
1. Configure your SSL VPN remote access. You can follow this guide: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SSLVPN/index.html
2. Then, download and install Sophos Connect client: https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConClient/index.html
Note: From v20 onwards, you can download the client from the VPN portal: https://support.sophos.com/support/s/article/KB-000045105?language=en_US
3. Next, we'll configure and import the provisioning file to the Sophos Connect Client: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConConfigureProvisioningFile/index.html#requirement
Open an editor such as Notepad and configure the settings needed for auto-connect. You can follow this template:
[
  {
    "gateway": "203.0.113.1",
    "vpn_portal_port": 443,
    "otp": false,
    "auto_connect_host": "10.10.10.1",
    "can_save_credentials": true,
    "check_remote_availability": false,
    "run_logon_script": false
  }
]
Also take note of the requirements for creating the .pro file.
After configuring the settings, save the file with the .pro extension.
4. Import the .pro file to the Sophos Connect Client
In your Sophos Connect Client > Import Connection
Then double-click the .pro file. Alternatively, click Import connection in the client and select the file.
Also, you may import the .pro file using GPO. Kindly refer to this documentation guide: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConProvisioningFileGPOScript/index.html
5. Once you import the .pro file, the client tries to connect and you'll see a certificate warning.
To prevent users from seeing a certificate error (allow unsigned certificate) when the file is imported, do as follows:
- Generate a locally-signed certificate.
- Go to Administration > Admin settings > Admin console and end-user interaction > Certificate and select the certificate.
- Push the default CA to users. The easiest way to do this is with Active Directory GPO.
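A pre-deployment check for the .pro template in step 3, as an added example that is not part of the original guide or of Sophos tooling: it parses the JSON, checks the types of the fields shown in the template, and flags a gateway left at a documentation address. The function name `lint_pro` and the "review" policy finding are assumptions of this example.

```python
import ipaddress
import json

# Field names/types come from the template in step 3; findings are this example's own policy.
EXPECTED_TYPES = {
    "gateway": str, "vpn_portal_port": int, "otp": bool,
    "auto_connect_host": str, "can_save_credentials": bool,
    "check_remote_availability": bool, "run_logon_script": bool,
}
# RFC 5737 documentation ranges: a gateway in one of these means the template was not edited.
DOC_NETS = [ipaddress.ip_network(n)
            for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def lint_pro(text):
    """Return a list of findings for the text of a .pro file (empty list = clean)."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(entries, list) or not entries:
        return ["top level must be a non-empty JSON array of connection objects"]
    findings = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(f"[{i}] entry is not a JSON object")
            continue
        for key, typ in EXPECTED_TYPES.items():
            # bool is a subclass of int in Python, so compare exact types
            if key in entry and type(entry[key]) is not typ:
                findings.append(f"[{i}] {key}: expected {typ.__name__}")
        gateway = entry.get("gateway")
        if not isinstance(gateway, str) or not gateway.strip():
            findings.append(f"[{i}] gateway: missing, empty or not a string")
        else:
            try:
                addr = ipaddress.ip_address(gateway)
            except ValueError:
                addr = None  # a hostname, nothing to range-check
            if addr is not None and any(addr in net for net in DOC_NETS):
                findings.append(f"[{i}] gateway: {gateway} is a documentation address")
        port = entry.get("vpn_portal_port")
        if type(port) is int and not 1 <= port <= 65535:
            findings.append(f"[{i}] vpn_portal_port: out of range 1-65535")
        # Policy check: unattended auto-connect that relies on a saved password only.
        if (entry.get("auto_connect_host") and entry.get("otp") is False
                and entry.get("can_save_credentials") is True):
            findings.append(f"[{i}] review: auto-connect with saved credentials and no OTP")
    return findings
# Constructed sample: the template from step 3, unchanged.
SAMPLE = '[{"gateway": "203.0.113.1", "vpn_portal_port": 443, "otp": false, "auto_connect_host": "10.10.10.1", "can_save_credentials": true, "check_remote_availability": false, "run_logon_script": false}]'
```

Run `lint_pro(open(path).read())` on the file before importing it or pushing it by GPO; the unedited template yields the documentation-address finding and the policy finding.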