IPSec VPN with XFRM Tunnel Interfaces and OSPF

Hello Community,

I have set up IPSec tunnels with XFRM tunnel interfaces between the Sophos XG firewalls. For routing, I configured static routes. Using different weights, traffic can take a different path if one route fails. This works very well in my small test setup with 3 firewalls.
Since our network is somewhat larger, I would like to build the whole thing with OSPF. Unfortunately, I did not succeed with this right away.
I have only found a tutorial that sets up OSPF with GRE tunnels. In a video about the setup of XFRM, it is mentioned that this cannot be combined with GRE. Is there a setup guide for XFRM and OSPF?

Sophos XG Firewall (v18): Route Based VPN - Recommended Reads - XG Firewall - Sophos Community

Sophos XG Firewall: How to configure OSPF over IPsec VPN

I also have a question about the IP addresses on the XFRM interfaces. In my test setup I used the same /24 network on all firewalls. In the HQ I put all XFRM interfaces in the /24 network. With this, the routing between the sites works. The question is, is this best practice? Or should each XFRM interface be put into a /30 or even a /32 and should the IP addresses of the XFRM interfaces be unique across all sites?

Thanks,

Ben



This thread was automatically locked due to age.