Sophos XG: How to configure IPSec VPN between firewall Sophos and Pfsense

This article explains how to configure IPSec VPN Site to Site between Sophos XG firewall and Pfsense firewall devices

This aritcle configured according to the following diagram:

How to configure

Configure on Sophos XG

Step 1: Create Local and Remote network area for XG device

  • Log in to Sophos XG by Admin account
  • Hosts and Services -> IP Host -> Click Add
  • Create Local Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Import Internal network

-> Click Save

  • Create Remote Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Import Remote network

-> Click Save

Step 2: Create IPSec connection on Sophos XG

  • VPN -> IPSec connections -> Click Wizard
  • Enter name
  • Click Start
  • Choose Site To Site
  • Choose IKEv2
  • Click >
  • Choose Preshared key
  • Enter Preshared key (using for both site)
  • Click >
  • Choose WAN port of Sophos XG
  • Choose Local Network which is created before
  • Click >
  • Enter IP WAN of Pfsense
  • Choose Remote Network which is created before
  • Click >
  • Choose Disabled
  • Click >
  • Click Finish
  • Click Active

Configure on Pfsense firewall

Step 3: Create IPSec connection on Pfsense (P1)

  • Log in to Pfsense firewall by Admin account
  • VPN -> IPSec -> Click Add P1
  • In Key Exchange version: Choose IKEv2 (same with Sophos)
  • In Internet Protocol: Choose IPv4
  • In Interface: Choose WAN
  • In Remote Gateway: Enter IP WAN of Sophos
  • In Authentication Method: Choose Mutual PSK
  • In Pre-Shared Key: Enter Preshared Key which the same with Sophos
  • In Encryption Algorithm: Choose AES -> 256 bits -> SHA256 -> 14 (2048 bit)
  • In Lifetime (Seconds): Enter 3600

-> Click Save

Step 4: Create IPSec connection (P2)

  • In Local Network: Choose Lan subnet
  • In Remote Network: Enter Local network of Sophos
  • In Protocol: Choose ESP
  • In Encryption Algorithms: Choose AES -> 256 bits (same with Sophos)
  • In Hash Algorithms: Choose SHA256

-> Click Save

Step 5: Create Firewall rule in Sophos to allow VPN and LAN network connect together

Step 6: Click Connection to finish

Configure create Firewall rule for Pfsense to finish

** If you have difficulty configure Sophos products in VietNam, please contact us:

Hotline: 02862711677



Leave a Reply

Your email address will not be published.