Sophos Connect VPN dial-in: setup and establishing a connection

1. Foreword

With the Sophos Connect software, you have remote access via internet to the IT systems and services hosted on the company network. To ensure security, you must register for Multi-Factor Authentication (MFA) in addition to using your Windows/email username and password when establishing a connection. The following instructions explain the necessary steps. If you have questions or encounter any issues during setup, please contact Vega IT Support.

1.1 What is Multi-Factor Authentication (MFA) and why is it necessary?

Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or network. Instead of relying solely on a password (something the user knows), MFA adds an additional layer of security by requiring one or more of the following:

Something the user has (e.g., a mobile device or authentication app)
Something the user is (e.g., fingerprint or facial recognition)

MFA is essential for enhancing security because passwords alone are increasingly vulnerable to hacking, phishing, and brute-force attacks. By requiring multiple forms of verification, MFA greatly reduces the likelihood of unauthorized access, even if a password is compromised. This extra layer of security is particularly important for accessing sensitive corporate networks and data, protecting both the user and the organization from potential cyber threats.

What does this mean in brief and in the context of VPN access via Sophos Connect? For VPN access through Sophos Connect, this means that, in addition to your Windows/email username and password, you must enter a 6-digit, randomly generated code to establish a secure connection. This code is generated by the Microsoft Authenticator app on your smartphone. The setup process for this app is explained in the following steps.

2. Setting up Multi-Factor Authentication

This step to set up the Microsoft Authenticator app only needs to be performed once.

Install the Microsoft Authenticator app (available for iOS and Android) on your smartphone. The app icon looks like that:

Now open the website https://vpn-szh.vegatrans.com on your computer and log in with your Windows/email username and password:

After successful log in, you see this webpage:

Start the Microsoft Authenticator app on your smartphone and add a new entry:

You can see an entry in the Authenticator app, here an example:

Setting up your account for MFA is completed.

2.1 Note for OTP token users

For employees who do not wish to install the Authenticator app on their private smartphone, the IT department can provide a so-called OTP token generator. This is a small device, similar to a USB stick, that generates the random code.

However, the IT department recommends using the app, as the battery in the OTP token has a limited lifespan, must be renewed after 1 to 2 years, and handling through the Authenticator app is generally simpler and more convenient.

Please contact IT department in case you need such a token, users with a business smartphone must use the app.

3. Setting up Sophos Connect software

This step to set up the Sophos Connect software only needs to be performed once.

The Sophos Connect software is typically installed by the IT department by default and should appear on your Windows desktop and/or in the Start menu:

Each user must independently download the configuration from the VPN portal and follow the instructions below to install it. This cannot be done by the IT department; it is an individual task that each user must perform themselves.

Open https://vpn-szh.vegatrans.com again, enter your Windows/email username as usual, but this time, add the current 6-digit code displayed in the Authenticator app or on the token behind your password:

Example: if your passwort ist MyPa$$w0rd and the app/token shows the code 123456 then enter MyPa$$w0rd123456 in the password field. Click the login button to proceed.

After successful login, download the configuration file, e.g. to your desktop:

Final step: Open the downloaded file by double-clicking on it:

In the background (without being visible to you), the Sophos Connect software will now be configured automatically. Open Sophos Connect, and you will see the configuration you just imported displayed there:

4. Establish Connection

The following steps must be performed each time you want to connect to the company network from remote office/via internet.

Open the Sophos Connect application
Click the Connect button
Enter your Windows/email username
Enter your Windows/email password followed by the current 6-digit code shown in the Authenticator app or on your token
Click the Login button
Wait for the connection to be established

Below are the screenshots for these steps:

It doesn't make sense to check the Safe user name and password (Benutzername und Kennwort speichern) box, as the password-code-combination changes with each login due to MFA.

That's it. You can now access all IT services.