Sophos XG firewall device: How to create IPsec VPN connection between the central office and two branch offices

Overview

  • This article describes the steps to configure IPsec VPN between the central office and the branch offices on Sophos Firewall. As a specific example, the network diagram illustrates the IPsec VPN connections between the central office, which is Sophos Firewall 1, and the branch offices at Sophos Firewall 2 and Sophos Firewall 3.

Configuring on Sophos Firewall 2

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 1

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.
  • Click Save to create rule.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Configuring on Sophos Firewall 3

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 1

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.
  • Click Save to create rule.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Configuring on Sophos Firewall 1

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 2

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create connection.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Create IPsec VPN connection to Sophos Firewall 3

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create connection.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.

Establish

  • When all Sophos XG Firewall devices in the main office and branch offices are configured, set up the connections between them by clicking the red circle icon below the Status (Connection) column.
  • Use computers on the LAN of each of the three Sophos XG Firewall devices to ping each other; the pings should succeed.
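
A tunnel in this topology only comes up when each connection's local and remote LAN are the mirror image of the peer's. The following check is an added example, not part of the original article or of any Sophos tooling, and it models the three firewalls' definitions offline. The subnets and the names FW1, FW2, FW3, to_FW1, to_FW2 and to_FW3 are constructed placeholders, since the article's real values exist only in its screenshots.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data: subnets and connection names are placeholders,
# not the article's settings (those are only in its screenshots).
CONNECTIONS = {
    "FW1": [
        {"name": "to_FW2", "peer": "FW2", "local": "10.1.0.0/24", "remote": "10.2.0.0/24"},
        {"name": "to_FW3", "peer": "FW3", "local": "10.1.0.0/24", "remote": "10.3.0.0/24"},
    ],
    "FW2": [{"name": "to_FW1", "peer": "FW1", "local": "10.2.0.0/24", "remote": "10.1.0.0/24"}],
    "FW3": [{"name": "to_FW1", "peer": "FW1", "local": "10.3.0.0/24", "remote": "10.1.0.0/24"}],
}

def check_tunnels(connections):
    """Return a list of problems in a set of site-to-site definitions."""
    problems = []
    for fw, conns in connections.items():
        for c in conns:
            local, remote = ip_network(c["local"]), ip_network(c["remote"])
            if local.overlaps(remote):
                problems.append(f"{fw}/{c['name']}: local {local} overlaps remote {remote}")
            # The peer must have a connection pointing back at this firewall.
            back = [p for p in connections.get(c["peer"], []) if p["peer"] == fw]
            if not back:
                problems.append(f"{fw}/{c['name']}: {c['peer']} has no connection back")
                continue
            # Its local/remote subnets must be the mirror image of ours.
            seen = (ip_network(back[0]["local"]), ip_network(back[0]["remote"]))
            if seen != (remote, local):
                problems.append(f"{fw}/{c['name']}: subnets not mirrored on "
                                f"{c['peer']}/{back[0]['name']}")
        # Two tunnels on one firewall must not claim overlapping remote LANs.
        for a, b in combinations(conns, 2):
            if ip_network(a["remote"]).overlaps(ip_network(b["remote"])):
                problems.append(f"{fw}: {a['name']} and {b['name']} remote LANs overlap")
    return problems

if __name__ == "__main__":
    for line in check_tunnels(CONNECTIONS) or ["all tunnel definitions are consistent"]:
        print(line)
```

A subnet mismatch is reported once from each side of the tunnel, which shows which pair of connections to compare in the two web consoles.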
