First Buy or Renewal

Were we able to help you with this tutorial? Then consider us for the next Renewal. 😎
We sell licenses for all Sophos Firewalls worldwide!

To the Products

Sophos Connect Admin Tool: How to modify VPN config file

In this guide, we will show you how to import the configuration file (*.tgb) of the IPSec connection into the Sophos Connect Admin tool and make your own adjustments.

Sophos Connect Client - Series

This article is part of a series that will give you all the knowledge you need to get started with the Sophos Connect Client.

Download the Sophos Connect Admin tool

  1. Navigate to the VPN > Sophos Connect Client menu item on the XG firewall.
  2. Under Client information > Sophos Connect Client, click Download.
  3. This will download sophosconnect_installer.zip. There are three files in this zip file:
    • Sophos Connect Admin Tool - scadmin.msi
    • Sophos Connect Client for macOS - Sophos Connect.pkg
    • Sophos Connect Client for Windows - SophosConnect.msi

Installing Sophos Connect Admin

For this manual we need the file scadmin.msi. This tool is currently only available for Windows. Run the Sophos Connect Admin setup and install the client.

Sophos Connect Admin configuration

  1. Navigate to the VPN > Sophos Connect Client menu item on the XG firewall.
  2. Click the Export connection button at the bottom of the browser window to download the configuration file for the IPsec connection.
  3. In your download folder you should now find a *.tgb file.
  4. Open the Sophos Connect Admin tool and import this *.tgb file.

You can now make the following settings:

Sophos Connect Admin Tool settings
  • Tunnel All - If this option is activated, all client traffic is routed through the IPsec tunnel.
  • Send Security Heartbeat - By enabling this option, Sophos endpoints will send the heartbeat to the XG firewall.
  • Allow Password Saving - Enable this option if you allow the user name and password to be stored on the computer.
  • Prompt for 2FA - This configures 2FA (two-factor authentication) for VPN users.
  • Auto-Connect Tunnel - Enabling this option will connect the user to the VPN immediately after logging in to the operating system.
  • Networks - If you do not want all traffic to be sent through the VPN tunnel, you can specify here specifically which subnets should be sent through the tunnel.

Finally, click on Save to confirm your changes. The new configuration file will then be available in *.scx format. You can now open and import this file using the Sophos Connect Client on Windows or macOS.