Just a quick n simple how to
Let's concentrate on the Google Cloud Platform first:
Navigate to Networking>Hybrid Connections>VPN and click on the +Create button
In the Tunnels Section:
Click done and the platform will spin the VPN config into life.
On your XG Navigate to Configure>VPN> IPsec Connections:
*With the default IKEv2 policy I could not get the tunnel up - luckily looking at the logs showed that the GCP end only wanted to use DH2048 so cloning the IKEv2 policy and removing all but DH2048 out of the DH Group selection fixed this.
** Thus far I have been unable to raise more than one Child SA per tunnel - I'm pretty sure this is expected behaviour now as from the logs GCP VPN does not send more than one Child SA initialisation, work around here is to use a supernet or all encompassing subnet for the networks on your XG end, Or - bring up other tunnels making use of spare Alias WAN IP's on your XG, Or - masq/NAT your traffic. I'm still actively trying to find a cleaner work around and will update when i'm successful.
Once complete, save and switch on the VPN. The Google end may take a little time at first to bring up the tunnel and you may see "Waiting for full config" for a few mins before it successfully reports its up.
Don't forget your firewall rules.
Hope this helps, regards
Edit notes: Updated for single Child SA work around
Thanks for your submission James GLUK !
Thanks James GLUK Your suggestion has been published: Sophos XG Firewall: How to connect Google Cloud Platform with IPsec
I will send you a PM with your $20 Sophos Store voucher!