Sophos XG: Configuring Site-to-Site IPSec VPN with Failover Group

Sophos XG Firewall supports VPN failover by letting you define multiple remote endpoints for a single IPsec connection. If one endpoint becomes unreachable, the tunnel can be re-established through another, so a single gateway or link failure does not take the site-to-site VPN down.

In my scenario, HO (head office) has one gateway and BO (branch office) has two gateways.

  • HO Site:
    • GW: 172.16.10.131
    • LAN: HO/24
  • BO Site:
    • GW1: 172.16.10.240
    • GW2: 172.16.10.241
    • LAN: BO/24

Configuration

Step 1: Create the IPsec connection at HO

Go to: System > VPN > IPsec > “Add”

  • Connection Type: Site to Site
  • Policy: DefaultHeadOffice
  • Action on VPN Restart: Respond Only
  • Authentication Type: any (I use a preshared key)
  • Endpoint Details:
    • Local: 172.16.10.131
    • Remote: * (any address, so the BO can connect from either of its gateways)
  • Network Details: fill in your local and remote networks

Step 2: Create the IPsec connection at BO

Go to: System > VPN > IPsec > “Add”

  • Connection Type: Site to Site
  • Policy: DefaultBranchOffice
  • Action on VPN Restart: Initiate
  • Authentication Type: any (I use a preshared key)
  • Endpoint Details: you need to add a second local endpoint.
    • Local: 172.16.10.240
    • Local: 172.16.10.241
    • Remote: 172.16.10.131
  • Network Details: fill in your local and remote networks

(Screenshot: Failover VPN1)

Step 3: Activate the IPsec connections

(Screenshot: Failover VPN2)

Note: don’t forget to create a firewall rule for the VPN traffic.
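As an added check (not part of the original post and not a Sophos tool), this Python script models the HO and BO connections above with the post’s gateway addresses and constructed /24 LANs, and reports the mismatches that would silently break failover, in particular an HO remote endpoint pinned to one BO gateway instead of *:

```python
from dataclasses import dataclass

@dataclass
class IpsecConn:
    """One Sophos XG IPsec connection as entered under System > VPN > IPsec."""
    name: str
    action_on_restart: str       # "Initiate" (BO) or "Respond Only" (HO)
    local_endpoints: list        # WAN addresses this side can use
    remote_endpoint: str         # peer address, or "*" for any
    local_nets: list             # Network Details, local side
    remote_nets: list            # Network Details, remote side

def check_pair(initiator, responder):
    """Return a list of mismatches between the initiating and responding sides."""
    problems = []
    if initiator.action_on_restart != "Initiate":
        problems.append(f"{initiator.name}: should be set to Initiate")
    if responder.action_on_restart != "Respond Only":
        problems.append(f"{responder.name}: should be set to Respond Only")
    # Every gateway the initiator may use must be accepted by the responder.
    # With two BO gateways this only holds if the HO remote endpoint is "*".
    for ep in initiator.local_endpoints:
        if responder.remote_endpoint not in ("*", ep):
            problems.append(f"{responder.name}: remote {responder.remote_endpoint} "
                            f"rejects initiator gateway {ep}, no failover from it")
    if initiator.remote_endpoint not in responder.local_endpoints:
        problems.append(f"{initiator.name}: remote {initiator.remote_endpoint} "
                        f"is not a local endpoint of {responder.name}")
    # Network Details must mirror each other or the tunnel carries no traffic.
    if set(initiator.local_nets) != set(responder.remote_nets) or \
       set(initiator.remote_nets) != set(responder.local_nets):
        problems.append("Network Details do not mirror each other")
    return problems

# Gateway addresses from the post; the /24 LANs are constructed placeholders.
HO = IpsecConn("HO", "Respond Only", ["172.16.10.131"], "*",
               ["10.1.0.0/24"], ["10.2.0.0/24"])
BO = IpsecConn("BO", "Initiate", ["172.16.10.240", "172.16.10.241"],
               "172.16.10.131", ["10.2.0.0/24"], ["10.1.0.0/24"])
# Same HO connection, but pinned to the first BO gateway only (a common mistake).
HO_PINNED = IpsecConn("HO", "Respond Only", ["172.16.10.131"], "172.16.10.240",
                      ["10.1.0.0/24"], ["10.2.0.0/24"])

if __name__ == "__main__":
    print(check_pair(BO, HO))          # []
    print(check_pair(BO, HO_PINNED))   # one problem: GW2 172.16.10.241 is rejected
```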
Watch my video:

Thanks!
