Sophos XG: How to configure an IPSec VPN between Sophos and Pfsense firewalls

This article explains how to configure a site-to-site IPSec VPN between a Sophos XG firewall and a Pfsense firewall.

The configuration in this article follows the diagram below:

How to configure

Configure on Sophos XG

Step 1: Create Local and Remote network area for XG device

  • Log in to Sophos XG with the Admin account
  • Hosts and Services -> IP Host -> Click Add
  • Create Local Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Enter the internal network

-> Click Save

  • Create Remote Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Enter the remote network

-> Click Save

Step 2: Create IPSec connection on Sophos XG

  • VPN -> IPSec connections -> Click Wizard
  • Enter name
  • Click Start
  • Choose Site To Site
  • Choose IKEv2
  • Click >
  • Choose Preshared key
  • Enter the Preshared key (the same key is used on both sites)
  • Click >
  • Choose the WAN port of Sophos XG
  • Choose the Local Network created earlier
  • Click >
  • Enter the WAN IP of Pfsense
  • Choose the Remote Network created earlier
  • Click >
  • Choose Disabled
  • Click >
  • Click Finish
  • Click Active

Configure on Pfsense firewall

Step 3: Create IPSec connection on Pfsense (P1)

  • Log in to the Pfsense firewall with the Admin account
  • VPN -> IPSec -> Click Add P1
  • In Key Exchange version: Choose IKEv2 (same as on Sophos)
  • In Internet Protocol: Choose IPv4
  • In Interface: Choose WAN
  • In Remote Gateway: Enter the WAN IP of Sophos
  • In Authentication Method: Choose Mutual PSK
  • In Pre-Shared Key: Enter the same Preshared key as on Sophos
  • In Encryption Algorithm: Choose AES -> 256 bits -> SHA256 -> 14 (2048 bit)
  • In Lifetime (Seconds): Enter 3600

-> Click Save

Step 4: Create IPSec connection (P2)

  • In Local Network: Choose LAN subnet
  • In Remote Network: Enter the local network of Sophos
  • In Protocol: Choose ESP
  • In Encryption Algorithms: Choose AES -> 256 bits (same as on Sophos)
  • In Hash Algorithms: Choose SHA256

-> Click Save

Step 5: Create a firewall rule on Sophos to allow the VPN and LAN networks to connect to each other

Step 6: Click Connection to finish

Create the firewall rule on Pfsense to finish
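
The tunnel only comes up when both firewalls hold matching proposals, the same pre-shared key, and mirrored local and remote networks. The Python check below is an added example, not part of the original article or of either product; the dictionary keys, the function name, the addresses and the key value are constructed for illustration, and the Sophos side is assumed to use the algorithms listed in Steps 3 and 4.

```python
import hmac
import ipaddress

# Constructed sample values (documentation address ranges); algorithms follow Steps 3 and 4.
SOPHOS = {
    "ike_version": 2, "p1_enc": "aes256", "p1_hash": "sha256", "p1_dh": 14,
    "p2_proto": "esp", "p2_enc": "aes256", "p2_hash": "sha256",
    "wan_ip": "203.0.113.10", "peer_ip": "198.51.100.20",
    "local_net": "192.168.10.0/24", "remote_net": "192.168.20.0/24",
    "psk": "constructed-sample-psk",
}
PFSENSE = {**SOPHOS, "wan_ip": "198.51.100.20", "peer_ip": "203.0.113.10",
           "local_net": "192.168.20.0/24", "remote_net": "192.168.10.0/24"}

# Proposal fields that must be identical on both peers.
MUST_MATCH = ("ike_version", "p1_enc", "p1_hash", "p1_dh",
              "p2_proto", "p2_enc", "p2_hash")

def check_tunnel(a, b):
    """Return the mismatches between two peers; an empty list means consistent."""
    problems = [f"{k}: {a[k]!r} != {b[k]!r}" for k in MUST_MATCH if a[k] != b[k]]
    # Report a PSK mismatch without ever writing either key to the output.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk: values differ")
    for me, peer, name in ((a, b, "first"), (b, a, "second")):
        # The remote gateway must be the other firewall's WAN address.
        if ipaddress.ip_address(me["peer_ip"]) != ipaddress.ip_address(peer["wan_ip"]):
            problems.append(f"peer_ip: {name} peer does not point at the other WAN IP")
        # The remote network must be exactly the other side's local network.
        if ipaddress.ip_network(me["remote_net"]) != ipaddress.ip_network(peer["local_net"]):
            problems.append(f"remote_net: {name} peer does not mirror the other local network")
    # Overlapping LANs cannot be routed through the tunnel without NAT.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local_net: the two sites overlap")
    return problems

if __name__ == "__main__":
    for line in check_tunnel(SOPHOS, PFSENSE) or ["no mismatches found"]:
        print(line)
```

Fill the two dictionaries from the values entered in each firewall's web interface before clicking Connection; any line it reports names the field to correct.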
