
IPSEC VPN to AWS actually works just fine

I had to set up an IPSEC VPN tunnel between our on-prem Sophos XG and AWS VPC, so I started searching Sophos docs but couldn't find anything about it. So instead of me spending days trying to find the right setup and having a bunch of other things on my table, I opened a ticket with Sophos tech support to give me a quick how-to. Well ... to my surprise the tech rep, whom they call "engineer", calmly and professionally told me that's basically mission impossible and we should buy a third-party AWS appliance?! "Yes it works with UTM but not with XG, sorry. We are working on AWS implementation". I mean reeeeaaaaally, in 2018?

So I'm definitely not an IPSEC expert, but I tend to use my own brain every once in a while. So I compared AWS IPSEC requirements with what Sophos XG has and guess what? There is nothing out of the ordinary, basic stuff, and AWS specs are quite broad and flexible. And as a bonus the Default IPSEC policy in Sophos XG has everything you need to get going already?! So I gave it a spin and it worked right away, out of the freaking box. It took exactly 5 minutes to set up the whole thing. So why are these guys turning customers down and directing them to expensive solutions? Are they really engineers? I mean, I can't believe that no engineer in bloody Sophos tried to VPN to AWS. So to sum things up, IPSEC VPN to AWS actually works just fine and somebody in Sophos should write a new default response script for Sophos tech reps. And yes, don't call them engineers, please.

Sorry for the rant but I had to vent somewhere.


