Sophos Connect help Contents About Sophos Connect...... 1 How to install Sophos Connect...... 1 How to uninstall Sophos Connect...... 2 Connections...... 2 Events...... 8 Troubleshoot event errors...... 10 General troubleshooting...... 19 About Sophos Connect Admin...... 25 Editing configuration files...... 25 Legal Notices...... 27
(2021/03/05) Sophos Connect
1 About Sophos Connect
Sophos Connect is a VPN client that you can install on Windows and Macs. It allows you to connect to networks behind XG Firewall from a remote location, such as your organization's network. Your firewall administrator configures connection details on XG Firewall and gives you the installation package and the connection configuration files. This guide provides information about how to use Sophos Connect.
1.1 How to install Sophos Connect
Follow these instructions to install Sophos Connect on Windows or macOS.
Introduction
Install Sophos Connect on Windows
To install Sophos Connect on Windows, do as follows: 1. Open the installer. 2. Accept the license agreement and click Install. 3. Once the installation is complete, click Finish. You can now run Sophos Connect.
Install Sophos Connect on macOS
To install Sophos Connect on macOS, do as follows: 1. Open the installer. 2. Choose the installation destination. Make sure you have enough free space in the destination you've chosen, such as the system drive. 3. Click Install. 4. Once the installation is complete, click Finish. You can now run Sophos Connect.
Copyright © Sophos Limited 1 Sophos Connect
1.2 How to uninstall Sophos Connect
This topic shows you how to uninstall Sophos Connect on Windows or macOS.
Introduction
Uninstall Sophos Connect from Windows
To uninstall Sophos Connect from Windows, do as follows: 1. Go to Control Panel and under Programs click Uninstall a program. 2. Right-click Sophos Connect, and select Uninstall.
Uninstall Sophos Connect from macOS
To uninstall Sophos Connect from macOS, do as follows: 1. Open the terminal. 2. Elevate to root and run the uninstall script from the location Sophos Connect is installed in. Example: sudo /Library/Sophos Connect/uninstall.sh You'll get the following message if the uninstallation was successful: Sophos Connect has been uninstalled
1.3 Connections
You can import connections, establish connections, and view and edit connections. Sophos Connect supports SSL VPN and IPsec VPN.
1.3.1 Import Connections
The Sophos Connect client can connect to XG Firewall using SSL or IPsec VPN connections. You can import connections into the Sophos Connect client.
Introduction
In version 2.0 of the Sophos Connect client, you can import both SSL and IPsec VPN connections. If you're using an earlier version of the Sophos Connect client, you can only import IPsec connections. You can do as follows: • Import an IPsec connection using a file given to you by your firewall administrator. • Import an SSL connection using a file given to you by your firewall administrator. • Import an SSL connection by downloading a file from the user portal.
2 Copyright © Sophos Limited Sophos Connect
Import an IPsec connection
To import an IPsec connection you must have a connection file. The file has the extension tgb. To get the file contact your firewall administrator. To import a connection, do as follows: 1. Click Import connection on the Connections page. a) If there are existing connections, click the menu button and choose Import connection from the drop-down menu. The image below shows the Connections page:
2. Browse for the .tgb file and double-click on it. The imported connection shows under Connections. The image below shows an imported connection:
You can now establish the connection. You can import multiple connections.
Import an SSL connection
To import an SSL connection you must have a connection file. The file has the extension pro. To get the file contact your firewall administrator. To import a connection do as follows: Browse for the .pro file and double-click it.
Copyright © Sophos Limited 3 Sophos Connect
The connection is imported automatically, and Sophos Connect opens. The imported connection shows under Connections.
You can now establish the connection. You can import multiple connections.
Import an SSL connection from the user portal
To import a connection do as follows: 1. Sign in to the user portal. 2. Go to SSL VPN and click Download configuration for other OSs. 3. Open the Sophos Connect client. 4. Click Import connection on the Connections page. If there are existing connections, click the menu button and choose Import connection from the drop-down menu. 5. Browse for the .ovpn file and open it. The imported connection shows under Connections.
You can now establish the connection. You can import multiple connections.
1.3.2 Connect
Follow these instructions to establish a connection. Make sure there's at least one imported connection available, and your firewall administrator has given you the required credentials.
4 Copyright © Sophos Limited Sophos Connect
To establish a connection do as follows: 1. Select a connection on the Connections page. 2. Double-click the connection. You can also click Connect. The sign-in screen appears. The following image shows the sign-in screen:
3. Enter your username and password and click Sign in. Your firewall administrator may have configured one of the following types of multi-factor authentication: • If your firewall administrator has configured One Time Password (OTP), in addition to entering your username and password, you must enter your six-digit OTP passcode. You'll see a third input box (under username and password) where you enter the OTP passcode. • If your firewall administrator has configured DUO authentication, you may get one or two DUO prompts during the connection process. • If your firewall administrator has configured mixed mode two-factor authentication (2FA), you'll see a third input box (under username and password). You must enter one of the following words: push, phone, sms, or enter a DUO token. If you aren't sure about which options you can choose, contact your IT administrator or firewall administrator.
Copyright © Sophos Limited 5 Sophos Connect
Note If you imported the connection using a provisioning file, you'll get a warning that the server certificate can't be verified. You can click OK to continue. If you don't want to see the message, contact your firewall administrator.
Sophos Connect attempts to establish the connection and authenticate you. If you're facing connection issues, do as follows: • To investigate the cause, click the Events tab or click the menu icon and select Open VPN log. • For help with troubleshooting, see Troubleshoot event errors (page 10) and General troubleshooting (page 19). • You can also contact your IT administrator or firewall administrator for further assistance. The image below shows you where to find the Events tab and Open VPN log.
The connection to the remote server is established. The image below shows a successful connection:
6 Copyright © Sophos Limited Sophos Connect
If the connection is successful, you'll see this icon on the taskbar:
If the connection is unsuccessful, you'll see this icon on the taskbar:
Note If you've renamed the connection, the original name, as provided by your firewall administrator, still shows in connection details. For instructions on how to rename it, see Connection options (page 7).
1.3.3 Connection options
You can change the connections in Sophos Connect. To change a connection click the settings icon on the right of the connection.
Copyright © Sophos Limited 7 Sophos Connect
1. Auto-connect: Attempts a connection when Sophos Connect starts up.
Restriction You can only use this option if your firewall administrator turned it on.
2. Delete: Deletes the connection, so if you want to re-enable that connection, you'll need to import it again. 3. Rename: Gives you the option to rename your connection. 4. Clear credentials: Clears credentials that you've previously stored. 5. Update policy: Allows you to pull the latest policy from XG Firewall on demand.
Restriction You can only use this option if your firewall administrator created the connection using a provisioning file.
Tip If the connection fails after multiple retries, start a policy update, and try to connect again.
1.4 Events
On the events page, you can see any actions in Sophos Connect, and the results of those actions. For example, a user imports a connection file, and the connection is added to the Sophos Connect client. The events page shows the time and date the event occurred and a description of the event.
8 Copyright © Sophos Limited Sophos Connect
To remove all events from the list, click Clear events. The following image shows example events:
Related concepts Troubleshoot event errors (page 10)
Copyright © Sophos Limited 9 Sophos Connect
If you have issues connecting to your remote network, click the events tab, find the timestamp from when you attempted a connection, and find the relevant error.
1.5 Troubleshoot event errors
If you have issues connecting to your remote network, click the events tab, find the timestamp from when you attempted a connection, and find the relevant error. In the following topics, you can see error messages, possible causes for the errors, and information on what to do next. If you experience any issues that aren't listed, see General troubleshooting (page 19). If you need further assistance, contact Sophos Support.
Related concepts Events (page 8) On the events page, you can see any actions in Sophos Connect, and the results of those actions.
1.5.1 No network connection
If you don't have a network connection, follow these instructions.
Cause
The network adapter (ethernet or Wi-Fi) has no IP address.
Remedy
Check that you have a valid IP address and that your existing network connection is working.
1.5.2 DNS resolution failed
If DNS resolution is failing, follow these instructions.
Cause
The client isn't able to resolve the gateway hostname.
Remedy
1. Check if a DNS server is assigned to the network interface. If it doesn't resolve, contact your ISP. 2. Run nslookup from the command prompt (Windows) or the Terminal (macOS) for a public host, such as www.sophos.com, and verify that it resolves to an IP address. 3. If it doesn't resolve, contact your ISP.
10 Copyright © Sophos Limited Sophos Connect
1.5.3 User authentication of
If you can't authenticate, follow these instructions.
Cause
The username or password didn't match.
Remedy
1. Retry to see if it was due to user error during input. If you retry multiple times and get the same error, the password may have changed or been disabled on the firewall. 2. In this case, contact your firewall administrator.
1.5.4 Import file contains a duplicate connection:
The information below only applies if your firewall administrator configured a provisioning (.pro) file.
Cause
The connection imported from a provisioning file has a duplicate display name.
Remedy
Check the display_name attribute in the provisioning file and rename any duplicate names.
1.5.5 The connection data could not be added. Connection with name
Cause
A connection with the same name has already been imported.
Remedy
Delete the existing connection from Sophos Connect. Contact your firewall administrator if you need further help.
Copyright © Sophos Limited 11 Sophos Connect
1.5.6 Cannot connect to policy gateway:
The information below only applies if your firewall administrator configured a provisioning (.pro) file.
Cause
The provisioning file is misconfigured. This could be due to any of the following reasons: • Invalid gateway hostname or IP address. • Invalid port or outgoing blocked port. • The policy gateway is unreachable because it's turned off.
Remedy
1. Check the provisioning file for the following: 2. Make sure the value assigned to the gateway attribute is correct. 3. Make sure the value assigned to the user_portal_port attribute matches the user portal HTTPS port setting on XG Firewall. 4. If the provisioning file is configured correctly, contact your firewall administrator to troubleshoot further.
1.5.7 DNS resolution failed for gateway:
If DNS resolution is failing for the gateway, follow these instructions.
Cause
This error is due to an invalid hostname.
Remedy
• If the connection was added using a provisioning file, verify the hostname provided. • If the connection was added by importing an Open VPN (ovpn) file, contact your firewall administrator. They will check the SSL VPN settings on XG Firewall.
1.5.8 Service is unavailable
The troubleshooting steps below are for Windows only.
Cause
The Sophos Connect service (scvpn) is not running.
12 Copyright © Sophos Limited Sophos Connect
Remedy
Open the command prompt as an administrator and type the following command: net start scvpn
1.5.9 Server expected remote ID
Cause
The local ID type or value configured in the Sophos Connect policy on the firewall is different from this connection's value. This may be because the firewall administrator changed the local ID on the firewall, and the new configuration file wasn't imported to Sophos Connect.
Remedy
Contact your firewall administrator and report the problem to troubleshoot further.
1.5.10 Possible pre-shared key mismatch
This error applies to IPsec VPN connections only.
Cause
The pre-shared key on the firewall doesn't match the one used for this connection. The firewall administrator may have changed it on the firewall, and the new configuration file hasn't been uploaded to Sophos Connect.
Remedy
Contact your firewall administrator and report the problem to troubleshoot further.
1.5.11 UDP ports 500/4500 blocked
This error applies to IPsec VPN connections only.
Cause
The firewall or the router is blocking UDP ports 500 and 4500.
Copyright © Sophos Limited 13 Sophos Connect
Remedy
Check your local firewall or router configuration and allow traffic on those ports. If you don't have access to the firewall or router, for example, if you're in a hotel, connect through your mobile hotspot and try to connect again.
1.5.12 No response from gateway:
This error applies to IPsec VPN connections only.
Cause
The gateway isn't responding to IKE negotiation messages. The possible causes are as follows: • The remote gateway (firewall or router) has been shut down. • The WAN address on the remote gateway isn't connected directly to the internet.
Remedy
Contact your firewall administrator and report the problem to troubleshoot further.
1.5.13 Received NO_PROPOSAL_CHOSEN notification from gateway
This error applies to IPsec VPN connections only.
Cause
The remote gateway responded to IKE negotiations from Sophos Connect with this error notification. The possible causes are as follows: • The Sophos Connect policy isn't defined or activated on the firewall. • The firewall administrator changed the IKE phase 1 proposal used for the Sophos Connect policy on the firewall and the new configuration wasn't exported and uploaded to the client.
Remedy
Contact your firewall administrator and report the problem to troubleshoot further.
14 Copyright © Sophos Limited Sophos Connect
1.5.14 SA disabled or deleted by gateway
This error applies to IPsec VPN connections only.
Cause
The gateway sent an IKE delete request then the tunnel was deleted. This could be due to any of the following reasons: • The firewall administrator changed the policy on the firewall. This sends an IKE delete request to all the active SAs on the firewall. • The firewall administrator manually deleted all of the IPsec connections for this user on the firewall.
Remedy
Try to reconnect. If you can't reconnect, contact your firewall administrator to troubleshoot further.
1.5.15 Failure to add route [network/mask] prevented phase 2 completion
This error applies to IPsec VPN connections only. The troubleshooting steps below are for Windows only.
Cause
After the Phase 2 Security Association (SA) is established, a route can't be added to the remote network. This may be because the strongSwan service crashed while the tunnel was active.
Remedy
1. Turn off the TAP adapter then turn it on. 2. Open the command prompt as an administrator and enter the following commands: net stop scvpn then net start scvpn
1.5.16 Failed to load connection info into strongSwan
The troubleshooting steps below are for Windows only.
Cause
The strongSwan service isn't running (service name: charon-svc.exe).
Copyright © Sophos Limited 15 Sophos Connect
Remedy
Open the command prompt as an administrator and enter the following command: net start strongswan.
1.5.17 No SSL VPN policy is defined for this user:
This error applies to SSL VPN connections only.
Cause
The SSL VPN (remote access) policy on XG Firewall doesn't contain any policy members.
Remedy
Contact your firewall administrator.
1.5.18 Policy mismatch error. Will download policy and retry connection.
This error applies to SSL VPN connections only.
Cause
The Sophos Connect client tried to establish an SSL VPN connection with an existing policy it has saved for this connection. The firewall administrator changed the SSL VPN settings on XG Firewall after an SSL VPN connection was established and saved by Sophos Connect.
Remedy
The connection was created using a provisioning file. Sophos Connect automatically downloads the new policy and reestablishes the SSL VPN tunnel.
Note If the firewall administrator changes the SSL VPN policy on XG Firewall while the tunnel is in a connected state, if it's an SSL VPN over TCP tunnel, the Sophos Connect client detects and downloads the new policy immediately. If it's an SSL VPN over UDP tunnel, you need to wait for the inactivity timer to delete the tunnel. Sophos Connect then downloads the new policy to re- establish the tunnel.
16 Copyright © Sophos Limited Sophos Connect
1.5.19 Compression mismatch error. Will retry connection.
This error applies to SSL VPN connections only.
Cause
An SSL VPN policy is downloaded for the first time from XG Firewall and the SSL VPN tunnel is established with it.
Remedy
• If the connection is configured with an ovpn file, you must reconnect manually. • If the connection is configured with a provisioning file, Sophos Connect automatically tries to reconnect.
1.5.20 Policy mismatch error. Import a new policy for this connection.
This error applies to SSL VPN connections only.
Cause
The Sophos Connect client tried to establish an SSL VPN connection with an existing policy it has saved for this connection. The firewall administrator changed the SSL VPN settings on XG Firewall after an SSL VPN connection was established and saved by Sophos Connect.
Remedy
The connection was created by importing an ovpn file. The user must download and import a new ovpn file from XG Firewall user portal to re-establish the SSL VPN tunnel.
Note If the firewall administrator changes the SSL VPN policy on XG Firewall while the tunnel is in a connected state, and it's an SSL VPN over TCP tunnel, then the Sophos Connect client detects and disconnects the tunnel with an error. If it's an SSL VPN over UDP tunnel, then you have to wait for the inactivity timer to delete the tunnel. You must download and import a new ovpn file from the XG Firewall user portal to successfully re-establish the SSL VPN tunnel.
Copyright © Sophos Limited 17 Sophos Connect
1.5.21 Server certificate cannot be verified:
This error applies to SSL VPN connections only.
Cause
The Sophos Connect client imports the SSL VPN configuration by connecting to the XG Firewall user portal using the provisioning file's properties. The user portal uses a self-signed certificate that can't be verified by the Sophos Connect client.
Remedy
1. Accept the security warning to connect and download the ovpn configuration file from the user portal. To prevent the prompt from showing in the future, contact your firewall administrator. They must choose one of the options below: 2. Issue a new certificate for XG Firewall signed by a public CA. On XG Firewall, import the certificate then select it for Admin console and end-user interaction. 3. Push the default CA certificate from XG Firewall to the trusted store on the remote computers.
Related information Certificates
1.5.22 Could not connect to untrusted server:
This error applies to SSL VPN connections only.
Cause
You canceled the certificate warning prompt, and the connection was terminated.
Remedy
Accept the security warning to connect and download the SSL VPN policy from XG Firewall. To prevent the prompt from showing when the SSL VPN policy is downloading, contact your firewall administrator. They must choose one of the options below: a) Issue a new certificate for XG Firewall signed by a public CA. On XG Firewall, import the certificate, and then select it for Admin console and end-user interaction. b) Push the Default CA certificate from XG Firewall to the trusted store on the remote computers.
Related information Certificates
18 Copyright © Sophos Limited Sophos Connect
1.5.23 Timed out waiting for server response
This error applies to SSL VPN connections only.
Cause
The SSL VPN policy is misconfigured on XG Firewall. Possible reasons for the failure are as follows: • Override hostname is configured, but it does not resolve to a valid or correct public IP address. • DDNS is configured, but it does not resolve to the correct or valid public IP address. • Both Override hostname and DDNS aren't configured, and the WAN port doesn't have a public IP address.
Remedy
• If you used a provisioning file to import the connection, update the policy connection settings menu (on the Sophos Connect client). • If you used an ovpn file to create the connection, export a new ovpn file from the user portal and re-import it in the Sophos Connect client.
1.6 General troubleshooting
You can troubleshoot issues that don't appear on the events page. The following topics show issues, possible causes, and information on what to do next. If you need further assistance, contact Sophos Support.
1.6.1 Failed to write to pipe
If you can't connect, follow these instructions.
Cause
Failed to write to pipe
Remedy
1. Re-establish the connection. If this doesn't work, restart your device and try again. 2. If you restart your device and you still can't connect, contact your firewall administrator.
Copyright © Sophos Limited 19 Sophos Connect
1.6.2 Sophos Connect dashboard will not open
If the Sophos Connect dashboard won't open, follow these instructions.
Cause
If the Sophos Connect dashboard doesn't open, or it doesn't respond when you click the tray icon, the Sophos Connect GUI is stuck in an infinite loop and can't respond to external input.
Remedy
• On Windows: Open Task Manager and select the Details tab. Find scgui.exe and then right- click and select End task. Restart the application from the desktop shortcut. • On macOS: Open Activity Monitor and find the Sophos Connect process. Open this process and select Force Quit. Restart the application from LaunchPad.
1.6.3 Web browsing stops working when tunnel is disconnected
This error is more common on macOS.
Cause
When a tunnel all connection is disconnected, the DNS servers aren't restored from the physical network adapters. This means the internal DNS servers used when you were connected through the VPN are still used. As the tunnel no longer exists, the name resolution won't work.
Remedy
Disconnect from your local network then reconnect.
1.6.4 Traffic stops going through the VPN tunnel
This error applies to IPsec VPN connections only.
Cause
If you're running a firmware version earlier than 17.5, it's possible that the client received a new virtual IP after the phase 1 rekey.
Remedy
You must disconnect then reconnect. The permanent solution is to upgrade to version 17.5 or later.
20 Copyright © Sophos Limited Sophos Connect
1.6.5 Sophos Connect GUI displays "Service Unavailable"
This error is more common on macOS. This error applies to IPsec VPN connections only.
Cause
When a tunnel disconnect is initiated, the strongSwan IPsec daemon gets stuck in an infinite loop. This results in the GUI not getting a response for disconnect, then time out and show the error as "Service Unavailable."
Remedy
• On macOS, do as follows: a) Open the Activity Monitor and quit the Sophos Connect GUI process. b) Open the Terminal and run the following commands: sudo /bin/launchctl unload -w /Library/LaunchDaemons/com.sophos.connect.scvpn.plist then sudo /bin/launchctl load -w /Library/LaunchDaemons/ com.sophos.connect.scvpn.plist c) Open Sophos Connect and check that the "Service unavailable" error is resolved. • On Windows, do as follows: a) Open cmd as administrator then run the following commands: net stop scvpn net start scvpn b) Open Sophos Connect and check that the "Service unavailable" error is now resolved.
1.6.6 Received connection reset from gateway:
This error applies to SSL VPN connections only. This message is logged in the scvpn.log file (in the install folder).
Cause
SSL VPN settings are changed on XG Firewall, a user is manually disconnected or XG Firewall restarts. If the connection uses SSL VPN over TCP, XG Firewall sends a connection reset request. If the connection uses SSL VPN over UDP, the connection may reconnect automatically depending on the idle time-out period.
Remedy
Import a new configuration file into the Sophos Connect client and then reconnect. a) If your firewall administrator hasn't sent you the file, go to the user portal and download it. b) Otherwise, go to the user portal to download the ovpn file.
Copyright © Sophos Limited 21 Sophos Connect
1.6.7 SSL VPN connection has auto-connect and update policy menu items grayed out.
This error applies to SSL VPN connections only.
Cause
If the SSL VPN connection is created by importing an ovpn file, these options aren't available.
Remedy
To turn on these options, you must create a connection using a provisioning file and add them to the provisioning file. Update policy is available after you connect for the first time. To turn on auto-connect, you must define an auto_connect_host that can only be accessed on the internal network. Example of a provisioning file with minimum requirements for enabling auto-connect:
[ { "display_name": "
1.6.8 SSL VPN error
This error applies to SSL VPN connections only.
Cause
An error generated by the OpenVPN service.
Remedy
Re-establish the connection. If this doesn't work, restart your device and try again.
22 Copyright © Sophos Limited Sophos Connect
1.6.9 Sophos Connect can't establish a tunnel
This error applies to SSL VPN connections only.
Cause
You probably installed the Sophos Connect client first and then installed the Sophos SSL VPN client.
Remedy
Uninstall both clients, then re-install the Sophos SSL VPN client, then the Sophos Connect client.
1.6.10 Management port is unavailable
This error applies to SSL VPN connections only.
Cause
Sophos Connect fails to claim TCP port 25340, which is required to communicate with OpenVPN.
Remedy
1. Check if another application is running on the device using this port. 2. Exit the application, if possible. If you don't fix this issue, Sophos Connect 2.0 can't run on your device. If no other application is using this port, this may be a temporary condition. 3. Reconnect to the Sophos Connect client.
1.6.11 Failed to create temporary file
This error applies to SSL VPN connections only.
Cause
Sophos Connect uses a temporary file to pass the connection attributes to the OpenVPN service. Sophos Connect failed to create the file on this device.
Remedy
Restart your device.
Copyright © Sophos Limited 23 Sophos Connect
1.6.12 OpenVPN service is unavailable
This error applies to SSL VPN connections only.
Cause
The OpenVPN service may not have started.
Remedy
If the OpenVPN service start-up type is set to disabled, change it to manual, and restart the Sophos Connect service.
24 Copyright © Sophos Limited Sophos Connect
2 About Sophos Connect Admin
In Sophos Connect Admin, you can import config (.tgb) files and configure various VPN setup options. For information on how to configure and export a .tgb file on XG Firewall, see Sophos Connect client in the XG Firewall help. You can install and uninstall Sophos Connect Admin in the same way you do the Sophos Connect client.
2.1 Editing configuration files
You can edit your configuration (.tgb) files in Sophos Connect Admin, which provides you with more granular VPN configuration options. Open the .tgb file you've exported from XG Firewall in Sophos Connect Admin. You can: • Turn on Tunnel All to send all traffic through the VPN connection. • Turn on Send Security Heartbeat to allow Sophos Endpoint Protection to send a heartbeat to XG Firewall. This only works if the user has the Sophos Endpoint Protection client installed on their device. • Turn on Allow Password Saving to allow the users to save their username and password on their device. The user credentials are stored securely using keychain services. • Turn on Prompt for 2FA if you've configured two-factor authentication for the VPN users on XG Firewall. • Turn on Auto-connect Tunnel to automatically turn on the connection after the user logs on to Sophos Connect on their device. Sophos Connect won't automatically start the connection if the user is already connected to the corporate network. Auto-connect requires an additional configuration parameter: Enter a host/DNS Suffix. It determines whether the user's local system is inside or outside the corporate network. Use one of the following values: — An IP address. — A Fully Qualified Domain Name (FQDN). The hostname must only resolve when using the internal DNS server. — A DNS suffix.
Note If you configure an IP Address or FQDN, ICMP must be allowed on this host.
• Add, change, and delete the networks that the user can connect to. When you add specific networks to the list, you turn split tunneling on. The user accesses resources on those networks through the VPN connection but accesses internet resources straight through their remote gateway.
Copyright © Sophos Limited 25 Sophos Connect
Note If you delete all networks, tunnel all mode will be activated, meaning all traffic goes through the VPN connection.
• Change the connection name and target host. If you clear the configuration, you'll need to import the .tbg file again. If you save the configuration, it's saved as a .scx file.
Note You can import .scx files and re-edit them.
When you've saved the configuration file, you can send it to the user, who imports it into Sophos Connect.
26 Copyright © Sophos Limited Sophos Connect
3 Legal Notices
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner. Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
Copyright © Sophos Limited 27