Sophos XG V18: Guide to set up Leased Line and Routing between 2 sites

1. Overview

  • This article explains how to connect clients between two sites that run Sophos XG Firewall.

2. Diagram and Scenario

  • As the diagram shows, we have two sites running Sophos XG 310 and Sophos XG 85.
  • They are connected to each other via a leased line.
  • The problem to solve here is that we are not able to ping or remotely access hosts between the 192.168.1.0/24 network and the 172.16.16.0/24 network.
  • This article will help you solve that problem.

The article includes the following sections:

1. Overview

2. Diagram and Scenario

3. Configuring

  • 3.1 Create a policy to allow traffic from LAN to WAN on each device
  • 3.2 Check the connection from client to Leased Line on each device
  • 3.3 Configure routing on each device
  • 3.3.1 On Sophos XG 310
  • 3.3.2 On Sophos XG 85
  • 3.4 Create a policy to allow traffic from WAN to LAN

4. Result

3. Configuring

3.1 Create a policy to allow traffic from LAN to WAN on each device

  • We will create a policy that allows traffic from LAN to WAN on each device.
  • This allows clients in the LAN to ping or access the WAN.
  • On Sophos XG 310: Go to Rules and policies > Firewall rules > Add firewall rule and fill in the following parameters.
  • On Sophos XG 85: Go to Firewall > Add firewall rule > User/Network Rule and fill in the following parameters.

3.2 Check the connection from client to Leased Line on each device

  • Ping the leased line from the client at the Sophos XG 310 site.
  • Ping the leased line from the client at the Sophos XG 85 site.

3.3 Configure routing on each device

  • To be able to ping or access between clients at the Sophos XG 310 and Sophos XG 85 sites, we have to configure routing on each device so that traffic is routed to the other site.

3.3.1 On Sophos XG 310

  • Go to Routing > Static Routing > IPv4 Unicast Route > Add and fill in the following parameters.

3.3.2 On Sophos XG 85

  • Go to Routing > Static Routing > IPv4 Unicast Route > Add and fill in the following parameters.

3.4 Create a policy to allow traffic from WAN to LAN

  • To ping or access the client at the Sophos XG 85 site from the Sophos XG 310 site and vice versa, we need to create a policy that allows traffic from WAN to LAN.
  • On Sophos XG 310: Go to Rules and policies > Firewall rules > Add firewall rule and fill in the following parameters.
  • On Sophos XG 85: Go to Firewall > Add firewall rule > User/Network Rule and fill in the following parameters.

4. Result

  • To check the connection, we will run tracert between the clients at the Sophos XG 310 and Sophos XG 85 sites.
  • Tracert result from the client at the Sophos XG 85 site to the client at the Sophos XG 310 site.
  • Tracert result from the client at the Sophos XG 310 site to the client at the Sophos XG 85 site.
