Need help with Sophos configuration BGP, IGW and default route selection

Highlights of my company’s AWS architecture are as follows:

  1. My company would like to filter and monitor all traffic to and from the Internet; as such, it wants to utilize the path through our Direct Connect via on-prem Datacenter for Internet access, not the default IGW path from AWS.
  2. We are using BGP from on-prem to inject a default route to Sophos over AWS tunnels, as the path to the Internet.
  3. We currently have achieved ingress (from Internet) through the on-prem path; however, egress is defaulting to IGW, hence asymmetric routing.
  4. Need help with limiting traffic on IGW to do just the following:
    1. Remove default route from IGW and use default injected to Sophos by BGP
    2. Establish a transit VPC with Sophos as CGW 
    3. Establish site-site VPN links between other VGWs and Sophos (CGW)
    4. Allow ports needed to establish/allow access to Sophos (including 4443 and 4444)
    5. Allow BGP protocol (TCP 179)
    6. Probably more TBD to satisfy any AWS requirements
    7. Remote Access SSLVPN also needs to flow through on-prem path.

