The #1 VPN Client for Mac, iPhone and iPad

The #1 VPN Client for Mac, iPhone and iPad

For iPhone & iPad
VPN Tracker World Connect
Sign up


Sophos XG 86 Firewall

The Sophos XG series are powerful VPN firewalls with a diverse spec designed to suit a range of use cases, from private home office users to branch offices, all the way up to enterprise and data center level. A sleek white design combined with essential security features, including a practical, cloud-based central management system for easier day-to-day management. On this page, we take you through the key VPN specification for the XG 86, as well as all you need to know about setting up a VPN connection on your Sophos XG Series firewall for your Mac, iPhone or iPad.

VPN throughput225 Mbps
SeriesSophos XG Next Generation Firewalls
ModelXG 86
Recommended forHome office (1-5 users)
Supported VPN standardsIPsec
Built-in WiFioptional
Additional featuresThreat Protection & Firewall, Cloud-based Central Management System
Device StatusLegacy

Configure VPN on a Sophos XG 86 firewall

Follow these steps to set up a VPN connection on your XG 86:
  1. Retrieve the following network settings from your Sophos firewall's web interface:
    - WAN IP Address (or host name)
    - LAN Network

  2. Under "Configure", select "Authentication" and go to the "Groups" tab. Here you can set up a new VPN user group:
    - For "Surfing Quota" choose "Unlimited Internet Access"
    - Under "Access time" determine when your group has access to the connection
    - For "Traffic Shaping", select "None"

  3. Go to the "Users" tab and add a new user profile:
    - Create a username and password (you will need these in the next step!)
    - Under "Type", select "User" and choose a group.

  4. Configure your connection: Go to "Configure", select "Remote Access VPN" and add a new IPSec connection:
    - Ensure "IPV4" is selected and check the box next to "Activate on Save".
    - For "Connection Type, select "Remote Access"
    - Encryption: Under "Policy" select "Default Policy"
    - Select Preshared Key and enter a secure password (you will need this in the next step!)
    - Gateway settings: For "Local ID Type", select "DNS" and enter a Local ID (e.g. Sophos)
    - For "Remote ID Type", select "DNS" again and enter your Remote ID (e.g. VPN Tracker)
    - Select "Any" for both the local and remote subnets.

  5. Configure your firewall rules: Go to "Protect" and choose "Rules and Policies":
    - Rule 1 VPN to LAN: For "Action" select "Accept", Source Zones = VPN and Destination Zones = LAN. Under "Identity", uncheck "Match known users". Then, under "Advanced", go to "NAT & Routing" and uncheck "Rewrite source address (Masquerading)". Save your changes.
    - Rule 2 (optional) LAN to VPN: For "Action" select "Accept", Source Zones = LAN and Destination Zones = VPN. Under "Identity", uncheck "Match known users". Then, under "Advanced", go to "NAT & Routing" and uncheck "Rewrite source address (Masquerading)". Save your changes.
You are now ready to configure your connection on your Mac / iPhone / iPad.

Get started