
Sophos XG failover VPN to AWS VPC

Hi All,

I recently made a video on how to configure a failover VPN between a Sophos XG firewall and an Amazon AWS VPC. Here's the link to the video - https://www.youtube.com/watch?v=iwj8V8CeeUo

Please feel free to ask questions about this topic and I'll be happy to answer.



  • Hello DO,
       That is a great video; I've watched it many times. In my case, I'm trying to configure this for UTM v9 using the VPN config file. I have the two tunnels in UP/Green status on both sides. I can ping the instance on my Test_VPC. I only have one VPC as a test; it runs a Linux AMI with IP address 10.16.2.83. I followed the AWS doc on how to configure PuTTY to load the key pair, and I use ec2-user@10.16.2.83 to connect to the console.

       I receive an error, "Network error: Connection refused." I get the system logs for the instance, but nothing there points to the problem exactly. My on-prem UTM has multiple internet interfaces grouped in uplink balancing. My Amazon VPC is configured on the topmost interface. Have you found the need to set a multipath rule so SSH traffic is forced out a specific interface to reach the instance on the Amazon VPC?

       The Test_VPC is a private subnet. I cannot (and do not want to) reach it from the internet. It is solely a private subnet with hardware VPN access through my UTM's IPsec tunnel.

    A lot to consider, but thanks, Patrick in Arizona

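Added example (not part of the original thread, and not Sophos or AWS code): a small Python probe that separates the outcomes a client behind the UTM can see when it tries to reach an instance over the tunnel. The distinction matters for the question above: a TCP "refused" verdict means a RST or ICMP unreachable came back, so the SYN was routed somewhere that answered; a "timeout" means the SYN was silently dropped, which is what a wrong egress interface, a missing route, or an AWS security group / network ACL rule produces, since those drop rather than reject. The host 10.16.2.83 is taken from the post; the `source_ip` parameter (bind the probe to one local address when the probing host itself has several) and the loopback listener used by `demo_local()` are constructed for this demo and are assumptions, not anything from the thread.

```python
import errno
import socet if False else None  # placeholder removed below
```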
  • Hello DO,
       That is a great video-watched it many times. In my case, I'm trying to configure for UTMv9 using the vpn config file. I have the two tunnels in UP/Green status on both sides. I can ping the instance on my Test_VPC. I only have one VPC as a test-it runs a Linux AMI with ip address 10.16.2.83. I followed AWS doc. how-to configure PuTTY to load the key pair and I use ec2-user@10.16.2.83 to connect to console.

       I receive an error, "network error connection refused." I get the system logs for the instance but nothing there points to the problem exactly. My on-prem UTM has multiple internet interfaces grouped in uplink balancing. My Amazon VPC is configured on the topmost interface. Have you found the need to set a multipath rule so ssh traffic will force out a specific interface to touch the instance on amazon VPC?

       The Test_VPC is a private subnet. I cannot (do not want to) reach it from the internet. It is solely a private subnet with the hardware VPN access through my UTM's ipsec tunnel.

    Lot to consider but thanks, Patrick in Arizona

Children
No Data