Although version 2.5.0 itself does not add new authentication features, it inherits the Microsoft Entra ID (formerly Azure AD) single sign‑on (SSO) capabilities introduced in earlier versions (2.4 and later). This means that organizations using Sophos Connect 2.5.0 can still take advantage of Entra ID SSO for both the VPN portal and the client connections, provided the firewall is running SFOS v21.5 or newer.
For silent, unattended installation, the msiexec command is used. This is the preferred method for deployment via scripts. An example command would be:
Get it directly from the Sophos Firewall firmware repository. Configure VPN settings on Sophos Firewall
The SSL VPN component refused to handshake. The error log spat out a single, cryptic line: TLS version mismatch. Minimum required: 1.0. sophosconnect 2.5.0 ga ipsec and sslvpn.msi
: Note that in version 2.5, Sophos Connect may only auto-start for the user who performed the installation due to registry changes.
The Sophos Connect 2.5.0 GA (General Availability) installer is a unified client designed to simplify remote access for organizations using Sophos Firewall. By combining both IPsec and SSL VPN capabilities into a single MSI package, Sophos has streamlined the deployment process for IT administrators and improved the connection experience for end-users.
Before sending the software to your end-users, ensure you have completed these baseline steps: Download verified 2.5.0 GA MSI package Although version 2
The sophosconnect 2.5.0 ga ipsec and sslvpn.msi file enables easy, automated, and silent deployment via Active Directory Group Policy (GPO) or management tools like SCCM. Key Features in Sophos Connect 2.5.0
Sophos Connect 2.5.0 GA introduces better support for TOTP (Time-based One-Time Password) and push notifications, reducing timeout errors during secondary authentication.
A: By default, the client phones home to Sophos for telemetry. Disable via the ENABLE_ANALYTICS=0 MSI property. This is the preferred method for deployment via scripts
After installation, the Sophos Connect client requires configuration to connect to the VPN portal. This is achieved through configuration files, which are easy to import.
Integrates seamlessly with tokens, SMS, and push notifications for enhanced security.
The client rejects the .scx file. Fix: Ensure your Sophos Firewall is on SFOS 19.0.1 or higher. The 2.5.0 client uses a newer config schema incompatible with SFOS 18.5.
The .msi file extension makes Sophos Connect 2.5.0 highly compatible with automated deployment tools. Below are the three most common ways to install it across your organization. 1. Manual Local Installation
Method 1: Deployment via Microsoft Endpoint Configuration Manager (SCCM / Intune)