Applicable Version: 10.00 onwards
A digital certificate is an electronic "passport" that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate may also be referred to as a public key certificate.
Just like a passport, a digital certificate provides identifying information, is forgery resistant and can be verified because it was issued by an official, trusted agency. The certificate contains the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures) and the digital signature of the certificate-issuing authority (CA) so that a recipient can verify that the certificate is real.
HO Network details
WAN IP address – 10.206.1.173
LAN IP address – 172.17.17.17
BO Network details
WAN IP address – 10.206.1.213
LAN IP address – 172.16.16.16
You must be logged on to the Web Admin Console of both HO and BO Cyberoam as an administrator with Read-Write permission for relevant feature(s).
Step 1: Upload HO Cyberoam’s Default CA to BO Cyberoam
A file named local_certificate_authority.tar.gz is downloaded. Store and uncompress the file. The file contains the CA Root Certificate in Two (2) Formats:
Click OK to save the HO Default CA in BO Cyberoam.
Step 2: Upload BO Cyberoam’s Default CA to HO Cyberoam
Configure and download the Default CA in BO Cyberoam and upload it on HO Cyberoam using similar steps as shown in step 1.
Step 3: Upload HO Cyberoam’s Digital Certificate to BO Cyberoam
Click OK to save certificate.
A file named HO_Certificate.tar.gz is downloaded. Store and uncompress the file. The file contains the following certificate files:
Click OK to save the certificate.
Step 4: Upload BO Cyberoam’s Digital Certificate to HO Cyberoam
Configure and download the Self-signed certificate in BO Cyberoam and upload it on HO Cyberoam using similar steps as shown in step 3.
Step 5: Configure IPsec Connection
Implement the following steps on HO Cyberoam.
Name to identify the IPSec Connection
Site to Site
Select policy to be used for connection
Action on VPN Restart
Select Authentication Type. Authentication of user depends on the connection type.
Select the local certificate that should be used for authentication by the appliance.
Select the remote certificate that should be used for authentication by remote peer.
Select local port which acts as end-point to the tunnel
Specify IP address of the remote endpoint.
Local Network Details
Select the local LAN address. Use the Add and Remove buttons to add or remove LAN addresses.
Remote Network Details
Select the remote LAN address. Use the Add and Remove buttons to add or remove LAN addresses.
Implement the following steps on BO Cyberoam
Select Type of connection.
Select the action for the connection.
Remote LAN Network
The above configuration establishes an IPSec connection between Two (2) sites.
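The HO and BO connections from step 5 only come up if they mirror each other: each side's local certificate is the other's remote certificate, each remote endpoint is the other's WAN address, and the local and remote networks are swapped. The following pre-flight check of that symmetry is an added example, not part of the original article. The dictionary layout, field names, the name BO_Certificate and the /24 prefix lengths are assumptions; the IP addresses are the ones listed above.

```python
import ipaddress

# Constructed sample data: IP addresses are from the article; field names,
# the BO certificate name and the /24 prefix lengths are assumptions.
HO = {
    "wan_ip": "10.206.1.173",
    "local_cert": "HO_Certificate",
    "remote_cert": "BO_Certificate",
    "remote_gateway": "10.206.1.213",
    "local_nets": ["172.17.17.17/24"],
    "remote_nets": ["172.16.16.16/24"],
}
BO = {
    "wan_ip": "10.206.1.213",
    "local_cert": "BO_Certificate",
    "remote_cert": "HO_Certificate",
    "remote_gateway": "10.206.1.173",
    "local_nets": ["172.16.16.16/24"],
    "remote_nets": ["172.17.17.17/24"],
}

def _nets(values):
    """Normalise host/prefix strings to a set of network objects."""
    return {ipaddress.ip_interface(v).network for v in values}

def mirror_errors(ho, bo):
    """Return the reasons why the two connection definitions do not mirror each other."""
    errors = []
    for x, y, nx, ny in ((ho, bo, "HO", "BO"), (bo, ho, "BO", "HO")):
        if x["local_cert"] != y["remote_cert"]:
            errors.append(f"{nx} local certificate is not {ny}'s remote certificate")
        if ipaddress.ip_address(x["remote_gateway"]) != ipaddress.ip_address(y["wan_ip"]):
            errors.append(f"{nx} remote gateway is not {ny}'s WAN address")
        if _nets(x["local_nets"]) != _nets(y["remote_nets"]):
            errors.append(f"{nx} local networks differ from {ny}'s remote networks")
    # Overlapping local and remote ranges cannot be routed through the tunnel unambiguously.
    for local in _nets(ho["local_nets"]):
        for remote in _nets(ho["remote_nets"]):
            if local.overlaps(remote):
                errors.append(f"local {local} overlaps remote {remote}")
    return errors

if __name__ == "__main__":
    for line in mirror_errors(HO, BO) or ["HO and BO connections mirror each other"]:
        print(line)
```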