This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG <-> Fortigate IPSec Site-to-Site tunnel with multiple subnets

Hi All,

I setup a site-to-site tunnel between Sophos XG an Fortigate. Setup was pretty easy and tunnel is up and working fine with one subnet on each side. However I have more subnets on remote site.

Local (Sophos XG) Remote Site (Fortigate)

1.1.1.0/24 2.2.2.0/24 ; 3.3.3.0/24

Connection to the second subnet isn't comming up.

Has someone already setup a similar Setup.

Regards, Juergen

This thread was automatically locked due to age.

Parents

0 FormerMember over 5 years ago

Hi jjuergenn

Thank you for reaching out to the community!

Is this second subnet added to the local networks at the remote site?

Could you please provide the strongswan logs from the XG firewall?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 jjuergenn over 5 years ago in reply to FormerMember

Hi Patel,

thanks for you answer.

Well so far we haven't found a way to add the second subnet on fortigate site. Be honest, we think this is not a issue on Sophos Firewall. It is mor or less a question whether it is in generell possible to route multiple subnet within one site-to-site tunnel betweeen Sophos and fortigate.

Thanks a lot for your support.

Regards, Juergen
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jjuergenn over 5 years ago in reply to FormerMember

Hi Patel,

thanks for you answer.

Well so far we haven't found a way to add the second subnet on fortigate site. Be honest, we think this is not a issue on Sophos Firewall. It is mor or less a question whether it is in generell possible to route multiple subnet within one site-to-site tunnel betweeen Sophos and fortigate.

Thanks a lot for your support.

Regards, Juergen
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 jjuergenn over 5 years ago in reply to jjuergenn

Hi Patel,

we followed this manual

https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/Establish-IPsec-VPN-Connection-between-Sophos-and-Fortigate-with-IKEv2.pdf

strongswan log is attached

Regards, Juergen

4035.strongswan.zip
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 5 years ago in reply to jjuergenn

Hi jjuergenn,

Yes, it is possible to add multiple networks within one IPsec site to site tunnel on XG firewall. Please ensure that you add local and remote subnet at both firewalls.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 jjuergenn over 5 years ago in reply to FormerMember

Hi Patel,

I can't see a Option on Fortigate site to add more than one subnet.

These guys having the same Problem

https://community.sophos.com/products/xg-firewall/f/vpn/113604/site-to-site-vpn-sophos-xg-to-fortigate

Unfortunately I do not understand the sotion/Workaround.

Regards, Juergen
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 5 years ago in reply to jjuergenn

Hi jjuergenn

There are two networks added on the XG side under remote networks; you just have to figure out the way to add the second network in Fortigate sites' local network.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 AMP over 5 years ago in reply to jjuergenn

Hi Juergen, of course you can add More than one Phase2 subnet on the fortigate. You have to click on a small „+“ symbol in the phase2 Settings to add settings a second subnet. forum.fortinet.com/.../tm.aspx regards , Adrian
Cancel
Vote Up 0 Vote Down

Cancel