Sophos Firewall: How to configure allow Users SSL VPN Remote Access connect with IPsec site to site VPN.

1.Overview

SSL VPN Remote Access with IPsec Site to Site VPN are all features that allow connecting users at multiple sites or not present in the internal network to access the system’s resources.

2. Network Diagram

This article will guide you how to configure allowing users to use Sophos Connect Client to connect to Remote Network via IPSec site to site VPN.

The article will not go into detail about configuring SSL VPN Remote Access and IPSec site to site VPN, you can refer to the following links:

SSL VPN Remote Access: https://www.thegioifirewall.com/sophos-xg-firewall-huong-dan-cau-hinh-remote-access-ssl-vpn-voi-sophos-connect-client/

IPSec site to site VPN: https://www.thegioifirewall.com/video-huong-dan-cau-hinh-ipsec-vpn-site-to-site-giua-hai-thiet-bi-sophos-firewall/

3. Instructions

3.1. Configuration on Sophos Firewall 1

Step 1: Create Hosts & Services.

On the administrative interface Sophos Firewall 1 > System > Host & Services > IP host > Add. Create Remote Network.

Scroll up to Configure > Remote Access VPN (SFOS v19) > SSL VPN. Scroll down to Tunnel Access > Permitted network resources (IPv4) > Add Remote Network created.

Next you need to define SSL VPN Range. You go to Configure > Remote Access VPN (SFOS v19) > SSL VPN > SSL VPN Global Settings.

IP SSL VPN Range is 10.81.234.5/24.

You will create SSL VPN Network in Host & Services.

Next you configure in IPSec Connections. You add SSL VPN Range to Local Subnet.

Step 2: Configure Firewall Rule.

Create a firewall rule as shown below.

Next you need to enable Ping for Zone VPN. You go to System > Administraion > Device Access.

3.2. Configuration on Sophos Firewall 2

Step 1: Create Host & Service.

You will create IP Host as Internal Network.

Create SSL VPN Range as Sophos Firewall 1

Hình ảnh này chưa có thuộc tính alt; tên tệp của nó là image-4607-1024x323.png

Step 2: Configure IPSec Connections.

You add SSL VPN Range to the Remote Subnet section.

Step 3: Configure Firewall Rule.

You create a firewall rule as shown below.

Next you also need to enable Ping for Zone VPN.

Hình ảnh này chưa có thuộc tính alt; tên tệp của nó là image-4611-1024x418.png

So you have configured VPN policies and firewall rules, so traffic from SSL VPN will connect to remote network through VPN Tunnel.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.