First Buy or Renewal

Were we able to help you with this tutorial? Then consider us for the next Renewal. 😎
We sell licenses for all Sophos Firewalls worldwide!

To the Products

How to install the Sophos Connect Client on macOS

In this tutorial, we will show you how to download the Sophos Connect Client from your Sophos XG Firewall and install and configure it on a Mac.

Sophos Connect Client - Series

This article is part of a series that will give you all the knowledge you need to get started with the Sophos Connect Client.


  • Firmware SFOS 17.5 or higher
  • macOS Client Operating system: macOS 12.12 or higher

1. Download Sophos Connect Client

To start the installation, you must first download the Sophos Connect Client for macOS. This is currently only possible as an administrator through the XG firewall. Follow the steps below to do this:

  1. Navigate to the VPN > Sophos Connect Client menu item on the XG firewall.
  2. In the section Client data > Sophos Connect Client, click Download.

A zip file named will then be saved on your Mac. When you extract this zip file, you will find three files in it:

  • scadmin.msi - Sophos Connect Admin Tool
  • Sophos Connect.pkg - Sophos Connect Client for macOS
  • SophosConnect.msi - Sophos Connect Client for Windows

For these instructions we need the Sophos Connect.pkg package.

2. Installing the Sophos Connect Client

Start the installation of the Sophos Connect Client by double-clicking the Sophos Connect.pkg file. Once the installation is complete, you can exit the installation wizard by clicking Close.

3. Download connection file

When you start the Sophos Connect Client for the first time, a connection file is required to import. This file can currently only be downloaded by an administrator through the XG firewall. To do this, follow these steps:

  1. Navigate to the VPN > Sophos Connect Client menu item on the XG firewall.
  2. Click the Export connection button at the bottom of the browser to download the IPsec connection file. 3 You should now find a *.tgb file in your download folder.

4. Setting up the Sophos Connect Client

The Sophos Connect Client can be set up in just a few steps:

  1. Open the Sophos Connect Client and click Import Connection.
  2. Select the connection file with the extension *.tgb from your hard drive. The connection will then be listed under Connections.
  3. Now click on Connect to establish the IPsec connection.
  4. Next, log in with your VPN user.

If you have entered the correct user data, a VPN connection should now be established successfully. Don’t forget to click Disconnect again in the Sophos Connect Client when you no longer need the VPN connection.

IPsec connection with macOS on-board tools

With macOS it is also possible to establish an IPsec connection without the Sophos Connect Client. All you need is a personal account for the XG Firewall user portal to download the IPsec configuration.

  1. Log in with your account to the user portal of your XG firewall.
  2. Click under the category Configuration for IPsec VPN client for Apple iOS on Install.
  3. As soon as the profile has been downloaded, you can open it with a double click. 4 You will then be asked if you really want to install the Sophos profile. Confirm this with Continue.
  4. Your IPsec connection will now be created automatically in the settings under Network. All you need to do now is click on Connect.

Although this solution saves the installation of additional software, the Sophos Connect Client has a significant advantage over the integrated IPsec client from macOS. Using the Sophos Connect Admin Tool, the configuration file (.tgb) of the IPSec connection can be modified. The exported format (.scx) can only be used with the Sophos Connect Client. The following instructions can help:
Sophos Connect Admin Tool: How to modify VPN config file

Note: In order to be able to customize a connection file (*.tgb) with the Sophos Connect Admin Tool afterwards, a Windows computer is currently required. We hope that a macOS version will follow soon.