VPN configuration under a Dual-WAN infrastructure?

Hello everyone,

I am using the Sophos XG (Home) v18.5 firewall router with 2 WAN lines running load balance. Now that I look forward to setting up a VPN profile for remote administration, I want this VPN connectivity to be accessible even if my WAN IP changes suddenly (e.g. failover).

The Sophos XG Firewall supports several types of VPN; I am looking at the possibility of deploying an SSL VPN by TCP protocol for the ease of use and commonality. Will this work for me? If not, what other kinds of VPN or configurations will? Also, do I need a DDNS account in order for this firewall to broadcast my WAN IP to the VPN connection in case of failover?

Thank you in advance.



This thread was automatically locked due to age.
  • If you don't have a static IPv4 on both WAN interfaces you will need to use DDNS for both, but if one of the WAN IPs is static you only need DDNS for the secondary WAN.

    If you already have a domain you can check if the DDNS provider is available on the Firewall; if not (and since you're a home user) you can either use DNS-O-Matic or migrate your domain DNS to Cloudflare.

    The Sophos XG Firewall supports several types of VPN, I am looking at the possibility of deploying an SSL VPN by TCP protocol for the ease of use and commonality. Will this work for me?

    With DDNS, yes. (And if you can use SSL VPN (OpenVPN) with TCP at 443.)

    Just a reminder, on the SSL VPN configuration you need to use your static IPv4 (if available), then edit the config and manually add the secondary remote. Example:

    remote 1.1.1.1 443 tcp-client
    remote vpn.domain.com 443 tcp-client


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
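
A quick way to check an exported SSL VPN client profile against the advice in the reply above, as an added example that is not part of the original post or any Sophos tooling. The function names and the sample profile are constructed for illustration; only the two `remote` lines come from the reply.

```python
import ipaddress

# Constructed sample: a minimal profile holding the two remotes from the reply.
SAMPLE_PROFILE = """\
client
dev tun
remote 1.1.1.1 443 tcp-client
remote vpn.domain.com 443 tcp-client
"""

def parse_remotes(profile_text):
    """Return (host, port, proto, is_ip_literal) per `remote` line, in file order."""
    remotes = []
    for raw in profile_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing '#' comments
        if len(fields) < 2 or fields[0] != "remote":
            continue                            # also skips ';'-commented lines
        host = fields[1]
        port = fields[2] if len(fields) > 2 else None
        proto = fields[3] if len(fields) > 3 else None
        try:
            ipaddress.ip_address(host)
            literal = True
        except ValueError:
            literal = False                     # a hostname, e.g. a DDNS name
        remotes.append((host, port, proto, literal))
    return remotes

def failover_findings(profile_text):
    """List reasons the profile may stop connecting when the active WAN changes."""
    remotes = parse_remotes(profile_text)
    findings = []
    if len(remotes) < 2:
        findings.append("fewer than two remote entries: no second WAN to fall back to")
    if remotes and all(r[3] for r in remotes):
        findings.append("all remotes are IP literals: every WAN address must be static")
    if len({(r[1], r[2]) for r in remotes}) > 1:
        findings.append("remotes differ in port/protocol: confirm the firewall listens on each")
    return findings

if __name__ == "__main__":
    for host, port, proto, literal in parse_remotes(SAMPLE_PROFILE):
        print(host, port, proto, "IP literal" if literal else "hostname")
    print(failover_findings(SAMPLE_PROFILE) or "profile has a fallback remote")
```

An IP-literal remote is only safe for the WAN that really has a static address; any other WAN needs its DDNS hostname in the profile.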
