Sophos XG Firewall: Useful links for configuring VPN remote access
Some of you may be setting up VPN remote access on the Sophos XG Firewall for the first time. So we wanted ensure that everyone was aware of the great support content available to reference.
Multi-Factor Authentication (MFA)
- With the growing threat of external attacks aimed at compromising privileged accounts, Multi-Factor Authentication (MFA) provides a critical layer of security to significantly reduce the chances of a security breach. MFA ensures that only authorized users and administrators are able to gain access to mission-critical accounts, computers, and other sensitive resources, even in the event where an attacker gains access to a password. (More info on MFA)
- Sophos XG Firewall: How to configure one-time password (OTP)
- User Assistance Documentation Guide – Authentication
- Configuring RADIUS authentication
- Note: Sophos XG v18 supports DUO and other MFA tools with the Radius Timeout configurable option
Sophos Connect Client
- Sophos Connect client is VPN software that runs on Microsoft Windows 7 SP2 and later, and Mac OS 10.12 and later. It establishes highly secure, encrypted VPN tunnels for off-site employees.
- User Assistance Documentation Guide – Sophos Connect
- KBA 133109 – Sophos XG Firewall: Sophos Connect Client
- Note: This video is relevant for both XG v17.5 and v18 deployments
Sophos SSL VPN
- With remote access policies, you can provide access to network resources by individual hosts over the internet using point-to-point encrypted tunnels. Remote access requires SSL certificates and a user name and password. Users can download a customized SSL VPN client software bundle from the user portal. The bundle includes an SSL VPN client, SSL certificates, and a configuration. The client supports many common business applications. Remote access policies use OpenVPN, a full-featured SSL VPN solution.
- User Assistance Documentation Guide – Remote Access SSL VPN
- KBA 127189 – Sophos XG Firewall: How to troubleshoot SSL VPN remote access connectivity and data transfer issues
- KBA 125374 – Sophos XG Firewall: How to configure SSL VPN for Mac OS X
- KBA 122769 – Sophos XG Firewall: How to configure SSL VPN remote access
- Note: The video below is relevant for both Sophos XG v17 and v18 deployments
L2TP Remote Access
- The Layer Two Tunneling Protocol (L2TP) enables you to provide connections to your network through private tunnels over the internet.