Hello,
we have bought an XG 210 and XG125 (EnterpriseProtect license) to change the previous internet gw/firewall (kerio control). We have 2 sites (40km apart) and XG210 will be deployed in SiteA and XG125 in SiteB. All the site have 5 Vlans each (server/workstation/wifi/guest/voip).
Actually all the routing inside the 2 sites vlans is done via 2 HP2920 layer 3 switch at each site and the 2 kerio control appliance are connected via 2 trunk to the switch (in a router on a stick configuration).
The sites are connected via site to site propietary kerio control vpn system (based on opnevpn).
My question is: could i leave active the router on a stick configuration or i will loose some of the protection that sophos xg would bring to the network? (like IPS and the other licensed function and threat mitigation?) or i have to leave all the routing done by the XG?
My only preoccupation is that i would like to not loose the routing if i update or reboot the xg. Some mapped iscsi drive with exchange db will not be very happy..
And what is the best practice to create a site to site vpn connection with the xg? on kerio the site to site vpn was "smart", in the way that if i create a custom route on SiteA kerio automatically update routing on siteB with the new route, so routing was very easy... There is something like that on the xg?
thanks to anyone would reply
This thread was automatically locked due to age.