This article will describe how to set up a Site-to-Site SSL VPN between two Sophos Firewalls. You will learn how to configure the server and then how to set up and connect with the client.
Applies to the following Sophos products and versions: Sophos Firewall
Before getting started, select one Sophos Firewall to be the server and the other to be the client. If the two units are different models, it is good practice to make the more powerful one the server. If one firewall has a dynamic public IP address and the other a static one, make the static-IP firewall the server: the client initiates the tunnel and must be able to reach the server at a fixed address.
Note: The SSL S2S VPN compatibility between Sophos XG Firewall and Sophos UTM only works with the XG as server and the UTM as the client.
Go to Hosts and Services > IP Host and select Add to create the local LAN.
Go to Hosts and Services > IP Host and select Add to create the remote LAN.
Go To VPN > SSL VPN (Site to Site) and click Add under the Server heading.
Once you click Save, the connection is created. Click the download icon to the right of your new server connection.
A pop-up window will appear. Click the download button to download the file that will be used to configure the client system. The file is in .apc format and carries the certificate material the client uses to authenticate to the server, so treat it as a secret: supply a password to encrypt it, and transfer it to the client site over a trusted channel.
Go to Firewall > + Add firewall rule and choose User/network rule to allow traffic between the local LAN and the remote LAN. Tunnel traffic arrives in the VPN zone, so the rule must cover the LAN and VPN zones in both directions.
Go to VPN > SSL VPN(Site to Site) and click Add under the Client heading.
Go to Firewall > + Add firewall rule and choose User/network rule to add a firewall rule allowing inbound and outbound SSL VPN traffic on the client side as well, again between the LAN and VPN zones, using this side's local and remote LAN objects.
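The most common reason a tunnel shows green but carries no traffic is a mistake in the IP Host objects: the two sides are not mirror images of each other (the server's remote LAN must be the client's local LAN and vice versa), a local and a remote range overlap, or a host address was entered with a network mask. The following is an added example, not part of the Sophos article or Sophos's own tooling, that checks a planned configuration for those three errors with Python's standard ipaddress module before you type the objects into either firewall. The network ranges are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from the article): the IP Host objects each
# side will define. Note the mirror: server.local == client.remote and
# server.remote == client.local.
SERVER_SIDE = {"local": ["10.10.0.0/24"], "remote": ["10.20.0.0/24"]}
CLIENT_SIDE = {"local": ["10.20.0.0/24"], "remote": ["10.10.0.0/24"]}


def _nets(cidrs):
    # strict=True rejects "10.10.0.1/24" style entries (host bits set), which is
    # a frequent data-entry error when creating IP Host network objects.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def find_overlaps(local_cidrs, remote_cidrs):
    """Return (local, remote) pairs whose ranges overlap.

    Any overlap means the firewall cannot decide whether a packet for that
    range belongs on the directly connected LAN or across the tunnel.
    """
    return [
        (str(loc), str(rem))
        for loc in _nets(local_cidrs)
        for rem in _nets(remote_cidrs)
        if loc.overlaps(rem)
    ]


def mirror_mismatches(server, client):
    """The server's local LANs must equal the client's remote LANs and vice versa."""
    problems = []
    if set(_nets(server["local"])) != set(_nets(client["remote"])):
        problems.append("server.local != client.remote")
    if set(_nets(server["remote"])) != set(_nets(client["local"])):
        problems.append("server.remote != client.local")
    return problems


def validate(server, client):
    """Return a list of human-readable issues; an empty list means the plan is consistent."""
    issues = []
    for side, cfg in (("server", server), ("client", client)):
        try:
            for loc, rem in find_overlaps(cfg["local"], cfg["remote"]):
                issues.append(f"{side}: local {loc} overlaps remote {rem}")
        except ValueError as exc:  # malformed CIDR or host bits set
            issues.append(f"{side}: bad network definition: {exc}")
    try:
        issues.extend(mirror_mismatches(server, client))
    except ValueError:
        pass  # already reported as a bad network definition above
    return issues


if __name__ == "__main__":
    for issue in validate(SERVER_SIDE, CLIENT_SIDE) or ["no issues found"]:
        print(issue)
```

Run it with the two dictionaries filled in from your plan; only when it reports no issues should you create the IP Host objects and the matching firewall rules on both units.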
The tunnel is functional when the status shows green. If the status shows red then this indicates the tunnel has not established and you should review your settings.
Generate some traffic, for example by pinging a host on the remote LAN from a host on the local LAN, and confirm that it passes through the SSL VPN connection.
Go to Reports > VPN and verify the SSL VPN Site-to-Site usage.
The settings under VPN > Show VPN Settings > SSL VPN are generally left at their defaults. Here are some of the most common changes that may need to be made.