Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This document explains how to configure SD-WAN orchestration between the local branch and the head office using Sophos Central, whether the firewalls are standalone or in HA.
Topology
Head Office Central Registration
Step 1: Deployment Status
Check the deployment status in the firewall web admin console.

Step 2: Status of HA
Verify the HA status under CONFIGURE > System services > High availability.

Step 3: Central Registration
Register on Sophos Central under SYSTEM > Sophos Central.
Note: Register both firewalls if they are deployed in HA.
Branch Office Central Registration
Step 1: Deployment Status
Check the deployment status in the firewall web admin console.

Step 2: Central Registration
Register on Sophos Central under SYSTEM > Sophos Central.
SD-WAN Orchestration
Step 1: Creation of Group
Create the group under Sophos Central > My Products > Firewall Management > Manage Firewalls > Firewalls.
Step 2: SD-WAN Connection Group
Go to Sophos Central > My Products > Firewall Management > SD-WAN Connection Groups and click Create Connection Group.
Select the firewalls you wish to add to the SD-WAN orchestration.
Step 3: Adding Resources
Click Next to add resources for both firewalls using the drop-down menu.
Note: Shared networks will be available to all firewalls that are part of this sharing group. You can opt in to the following options:
- Automatically create firewall rules
- Limit access to authenticated users
- Configure Synchronized Security Heartbeat
Step 4: Configuring Network
Click Next to configure the network. Once done, click Finish.
#Head Office - HA
#Branch Office – Standalone
Note: It can take up to 15-20 minutes for the tunnel to come up.
Note: If you opted in to automatically create firewall rules, you can see them in the firewall web admin under PROTECT > Rules and Policies.
The XFRM interface appears under CONFIGURE > Network > WAN Port > xfrm.
The IPsec connection between the HO and BO appears under CONFIGURE > VPN > IPsec connections.
I hope this article has helped you achieve your requirement and clarified your doubts!
Updated Disclaimer
[edited by: Erick Jan at 1:18 PM (GMT -7) on 17 Apr 2023]