First Buy or Renewal

Were we able to help you with this tutorial? Then consider us for the next Renewal. 😎
We sell licenses for all Sophos Firewalls worldwide!

To the Products

Sophos Connect Client vs. SSL VPN Client: What’s the Difference?

The Sophos SSL VPN Client has been the most popular solution to establish a VPN connection with Sophos Firewall so far. However, Sophos now offers an alternative with the new Sophos Connect Client. In this article, you will learn about the advantages and disadvantages of the two clients.

Sophos Connect Client - Series

This article is part of a series that will give you all the knowledge you need to get started with the Sophos Connect Client.

Sophos SSL VPN Client


  • OpenVPN - The Sophos SSL VPN client is a branded OpenVPN client. It works fine with the OpenVPN server running on the Sophos firewall.
  • Large OS support - The OpenVPN client is available for Windows, macOS, Android and iOS.
  • Open standard and therefore multiple clients - It is also possible to use other SSL VPN clients, such as
    • pritunl Client - Windows, macOS, Linux (Free and Open Source)
    • Tunnelblick - macOS (Free and Open Source)
    • Viscosity - Windows, macOS (Shareware)
  • Multiple settings - The SSL VPN client lets you choose a different port for the connection at Sophos. You can also set the encryption strength.


  • Software distribution - It is not possible to install the VPN client via a software distribution because each user has his own certificate.
  • Performance - Depending on the settings, the traffic runs through a TCP or UDP tunnel. But even with UDP the performance is worse than with the IPsec protocol.
  • Firewall load - SSL requires more performance on the Sophos Firewall, so it is not possible to establish as many parallel connections. Depending on the appliance, up to 6 times more connections are possible.

Sophos Connect Client


  • Performance - IPsec offers better performance.
  • Deployment - The tool can be rolled out via a software distribution.
  • Own development - The tool is developed directly by Sophos and can also be distributed via Central in the future. This makes it even easier for the admin.
  • Sophos Synchronized Security - The Sophos Connect Client makes it much easier to configure the security heartbeat than the SSL VPN Client.
  • macOS / iOS board resources - We at Avanet love it when you can work on a system with board resources and don’t have to install an extra tool for every purpose. With macOS, the Cisco IPsec client is integrated into the operating system. Via the “Sophos User Portal” you can download the IPsec configuration ‘iOS_IPSECProfile.mobileconfig’ and install it with one click.


  • Client download - Currently only the admin can download the setup and config files. Apart from macOS and iOS, the user cannot do this himself via the user portal. However, we assume that this will change in the future.
  • Protocol Ports - For the IPsec connection ports are used which are not open everywhere, e.g. hotels or public hotsports.
  • User permission - Each user has to be added separately in the SFOS configuration. It is not possible to allow ActiveDirectory groups for the Sophos Connect Client.