Sophos Firewall
- Remote Access -
SSL VPN
Overview
Sophos Firewall supports SSL remote access VPNs based on OpenVPN.
The encrypted tunnels between remote devices and the Sophos Firewall use both SSL certificates and a username and password to authenticate the connection. One-time passwords can also be used.
Configuration
You can create multiple remote access profiles for SSL VPN.
Manage which network resources users and groups are able to access.
If the VPN is set as the default gateway:
- connected devices will send all traffic through the VPN to the Sophos Firewall
Otherwise:
- only traffic for the allowed network resources is sent through the VPN
Note:
You must create firewall rules to allow traffic between the clients in the VPN zone and the permitted resources.
By default, Sophos Firewall hosts the SSL VPN on port 8443.
The SSL VPN client can be downloaded from the User Portal.
IPsec VPN
Overview
The VPN can be authenticated using a preshared key or digital certificate.
Clientless Access Portal
Overview
The Clientless Access Portal is a part of the User Portal.
It can be used to provide access to internal resources without the need for a VPN client to be installed.
Found in:
USER PORTAL – SSL VPN – clientless access connections
Bookmarks are shown as buttons that launch the associated connection using a secure SSL tunnel.
Bookmarks
Clientless access is granted by creating a bookmark for each internal resource.
Each bookmark represents a session to a resource
Configured in:
CONFIGURE – VPN – Bookmarks
Client Access
After creating bookmarks, they must be assigned to a specific user or group using a Clientless Access policy.
Mobile Access
Overview
Users can connect to the Sophos Firewall using any current smartphone or tablet.
- Install a VPN app onto your mobile device
- Download the configuration file for your mobile platform from the User Portal
- Import it into the device
iOS Devices
- IPsec
- L2TP over IPsec
Android Devices
- IPsec
- L2TP over IPsec
- PPTP (not recommended)