SETUP SSL SITE-TO-SITE VPN SOPHOS UTM

This article will introduce the step-by-step to setup SSL site-to-site VPN between two devices Sophos UTM.

 

STEP 1: CONFIGURING “SERVER” SSL SITE_TO_SITE VPN

• Login into the server’s WebAdmin
• Go to “Site-to-site VPN –> SSL –> Settings tab“ setup following:
  • Port: You can change (default port 443)
  • Override hostname: need “full domain name” or “IP public”

• Go to “Connections tab –> Click New SSL Connection”

• Configure the connection following:
  • Connections type: choose “Server”
  • Connections name: descriptive name for connections
  • Use static IP address:  Check to use it, if you have a dynamic physical IP address
  • Local Networks: drag the local networks, local host you would like allow access to remote UTM to route through the tunnel
  • Remote Networks: drag local network, local host you would like allow access on the remote UTM  through the tunnel
  • Check “automatic firewall rules” if you want create FW rules automatically
• Click “Save”
• Click “download” button to download a file configuring for client system (format  extension *.apc)

• Go to Site-to-Site VPN dashboard you will see same following picture:

STEP 2: CONFIGURING “CLIENT” SSL SITE_TO_SITE VPN

• Login into the Client’s WebAdmin
• Go to “Site-to-site VPN –> SSL –>Connections tab –> Click New SSL Connection”

• Configure the connection following:
  • Connections type: Choose “Client”
  • Connection name : descriptive name for connection.
  • configuration file: Click folder icon to upload file configure from “server” when you was downloaded this file.
  • Password: if the file configure be encryption, then you add password to decryption this file.
  • Check “automatic firewall rules” if you want create FW rules automatically
• Click “Save”
• Go to Site-to-Site VPN dashboard  you will see same following picture: connected successful!

• Go to Site-to-Site VPN dashboard  Server

Done, Thanks  your watching!