VPN Unlimited and SOPHOS XG Firewall?

Anyone using a VPN vendor like VPN Unlimited with your SOPHOS XG Firewall? I would like to set up my SOPHOS XG router so that when my PCs connect locally to my XG home network their outbound traffic passes thru a VPN Unlimited server. I do this already with my Untangle home network and it works beautifully. BTW, I don't have any SOPHOS hardware.

  • Hi  

    Thank you for contacting us.

    Unfortunately, we cannot integrate any third party VPN with XG firewall.

    You can configure IPsec or SSL VPN to connect to other devices or access local network using SSL VPN. Please refer the given links

    https://community.sophos.com/kb/en-us/122769

    https://community.sophos.com/kb/en-us/123140

  • In reply to Keyur:

    Can I create a VPN tunnel from SOPHOS XG to one of the VPN Unlimited servers? What I am trying to accomplish is for any local user who logs in to my LAN and attempts to access the internet will do so thru a VPN tunnel automatically.

  • In reply to callengodfrey:

    Hi  

    If "VPN Unlimited Servers" allows you to create IPsec Site to Site VPN tunnel using XG firewall VPN policy, in IPsec VPN configuration make sure remote network should be "any" and create LAN to VPN firewall rule and position it on top of the firewall rules. but we do not have any official support for this scenario.

  • I would like the same feature: to import a ovpn file to act as an VPN client for site-to-site connectivity. Right now the 'Add SSL VPN site-to-site client connection' form only accepts .apc or .epc file  which from my understanding is some old style type not producible by OpenVPN. 

  • In reply to CyberA:

    Because Sophos XG and SG uses a self programmed SSL VPN Site to Site method, not compatible for OpenVPN. 

    https://community.sophos.com/kb/en-us/122771

    XG / SG cannot act as a SSL VPN Client. 

     

    You need to create SSL VPN Remote Access. 

    https://community.sophos.com/kb/en-us/122769

  • In reply to LuCar Toni:

    So correct me if I am wrong, but even though my VPN vendor (VPN Unlimited) provides me importable config files for both OpenVPN and IPSEC, I can't use them because Sophos XG uses a self programmed SSL VPN Site to Site method?

  • In reply to callengodfrey:

    VPN Unlimited seems to be a "Consumer" Solution to get a VPN Tunnel. 

    Keep in Mind, XG is still a Business product with focus to resolve business cases. 

    Most costumers do not need such a solution (VPN to a provider to get another Internet Outbreak).

    I would guess, "maybe" IPsec Site to Site "could" work to VPN unlimited. But you need to recreate the config depending on the Config of the file. 

  • In reply to LuCar Toni:

    Yes, VPN Unlimited is a consumer VPN product. It is a requirement of mine that all internet connections from my home network go thru a VPN tunnel. Unfortunately, it appears that SOPHOS XG does not support this. I had really hoped to replace Untangle with SOPHOS XG, but that is not possible without this feature. I will be shutting down my SOPHOS test system now. Hopefully this support will be made available at some point in the near future.

  • In reply to callengodfrey:

    I doubt very much that XG will support a home function VPN. You could try as LuCar has suggested.

    Putting all traffic through a VPN basically defeats most of the security checks the the XG offers so you might as well have a cheap home router.

    Ian

  • I disagree. An OpenVPN client/server package (as needed by some VPN providers) would make SophosXG a more attractive business product. When viewing networks/VPN on a large scale, there are numerous use-cases for this, especially in a hub/spoke VPN topology. OpenVPN would also make the XG more flexible when connecting to third party firewalls. Using the VPN as an internet breakout would only be a routing issue, which could be solved by e.g. using tunnel interfaces. But I guess that Sophos would like the customer to use Sophos only, and no 3rd party products. Pity, since I was also considering to migrate to Sophos.