Sophos xgs on prem Firewall Ipsec tunnel to Azure sophos xg firewall

Hi all

As per the subject, we are busy testing to see if we can establish a site-to-site VPN tunnel between our on-prem Sophos firewall and a newly created virtual Sophos XG firewall in Azure, but we can't seem to get the tunnel to come up. So firstly, is this even possible to do? And if so, are there any specific settings that we need to use in both Azure and on the Sophos firewalls to get the firewalls communicating? I am fairly new to Sophos firewalls so it could be I am just missing something...

Thanks



  • Hello Justin,

    Yes, it’s possible! 

    What Firmware version are you running in your Prem Firewall?

    Make sure the Azure Firewall is the initiator of the tunnel and the Prem is the responder, and of course that the IPsec policy matches on both ends.

    Also in the Local ID type and Remote ID type, enter a made-up Local ID and Remote ID using email format:

    E.g. in Azure Firewall

    Local ID = 123@abc.com

    Remote ID = 789@abc.com

    On Prem Firewall

    Local ID = 789@abc.com

    Remote ID = 123@abc.com

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
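The checks from the reply above (one initiator and one responder, mirrored Local/Remote IDs, identical IPsec policy) written as a small Python comparison. This is an added example, not part of the original post and not Sophos code; the field names, role labels and policy parameters are assumptions rather than an SFOS export format, and the sample values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class IpsecPeer:
    # Hypothetical field names, copied by hand from each firewall's tunnel settings.
    name: str
    gateway_type: str   # assumed labels: "initiate" or "respond"
    local_id: str
    remote_id: str
    policy: dict = field(default_factory=dict)


def check_pair(a, b):
    """Return a list of mismatches between the two ends of one tunnel."""
    problems = []
    # Exactly one side initiates and the other responds.
    if {a.gateway_type, b.gateway_type} != {"initiate", "respond"}:
        problems.append(f"roles: {a.name}={a.gateway_type}, {b.name}={b.gateway_type}")
    # IDs are mirrored: each side's Local ID is the other side's Remote ID.
    for x, y in ((a, b), (b, a)):
        if x.local_id != y.remote_id:
            problems.append(
                f"id: {x.name} local '{x.local_id}' != {y.name} remote '{y.remote_id}'")
    # Every policy parameter present on either side must be equal on both.
    for key in sorted(set(a.policy) | set(b.policy)):
        if a.policy.get(key) != b.policy.get(key):
            problems.append(
                f"policy: {key} {a.name}={a.policy.get(key)!r} {b.name}={b.policy.get(key)!r}")
    return problems


# Constructed sample: one ID has a single-character typo and the DH group differs.
POLICY = {"ike_version": 2, "encryption": "AES256", "auth": "SHA2-256", "dh_group": 14}
azure = IpsecPeer("azure", "initiate", "123@abc.com", "789@abc.om", dict(POLICY))
onprem = IpsecPeer("onprem", "respond", "789@abc.com", "123@abc.com",
                   dict(POLICY, dh_group=19))

if __name__ == "__main__":
    for problem in check_pair(azure, onprem):
        print("MISMATCH", problem)
```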
  • Hi Emmanuel

    Thanks for the reply. The on-prem firewall is running "SFOS 19.0.1 MR-1-Build365" and Azure is running "SFOS 19.5.0 GA-Build197".

    I can confirm the IPsec policy matches on both ends and I have set up the local and remote IDs as described. Also, the Azure firewall is the initiator.

    I suppose another question is, do I need an "Azure Local Network Gateway" set up? I assumed we would only need this if we were setting up the tunnel directly to Azure and not to another Sophos firewall. And finally, do we need to open up IPsec ports in Azure?

    Thanks