Sophos XG firewall device: How to create IPsec VPN connection between the central office and two branch offices

Overview

  • This article describes the steps to configure IPsec VPN between the central branch and the secondary branches on Sophos Firewall. As a specific example, the network diagram illustrates the IPsec VPN connection between the central branch at Sophos Firewall 1 and the branch offices at Sophos Firewall 2 and Sophos Firewall 3.

Configuring on Sophos Firewall 2

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 1

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create the connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.
  • Click Save to create the rule.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Configuring on Sophos Firewall 3

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 1

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create the connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.
  • Click Save to create the rule.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Configuring on Sophos Firewall 1

Add local and remote LAN

  • Go to Hosts and services > IP Host > Add to add the local and remote LAN as shown below.

Create IPsec VPN connection to Sophos Firewall 2

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create the connection.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Create IPsec VPN connection to Sophos Firewall 3

  • Go to VPN > IPsec Connections and click Add. Create the connection with the parameters as shown below.
  • Click Save to create the connection.

Start the newly created IPsec connection

  • When clicking Save, the following screen is displayed, showing the previously created connection.
  • Click the red circle icon below the Status column (Active) to activate the connection.

Add 2 firewall rules to allow VPN traffic

  • Go to Firewall > +Add Firewall Rule. Create a User/Network Rule with the parameters as shown below.

Establish

  • When all Sophos XG Firewall devices in the main office and branch offices are configured, set up the connections between them by clicking the red circle icon below the Status (Connection) column.
  • From computers on the LAN side of all three Sophos XG Firewall devices, ping each other; the pings should succeed.

5 Comments

  1. Thank you a lot for giving everyone an extremely memorable chance to read in detail from this site. It is often so ideal plus packed with a great time for me and my office acquaintances to search the blog at the least 3 times in a week to read the fresh items you have got. Not to mention, I’m just always satisfied with your astounding tricks served by you. Some two areas in this post are indeed the most beneficial we have had.
