
Need help setting up a Hub and spoke environment with HA or Redundancy and an additional BGP connection to a separate WAN

Dear Experts,


I humbly seek your assistance on setting up a network.

It is a unique setup that has been done in the past with Cisco devices... I would like to introduce Sophos devices but want to ensure I can provide all required features.

I have tried to create a diagram to show what is required... we also need the following requirements covered:

Networking Hardware

  • BGP compatible
  • hub and spoke
  • Redundancy/HA
  • Scale to 60 sites (spokes)
  • Client to server connections from tabs and laptops


My question is, do you think I can achieve this same setup with Sophos devices?

Attachment: Network Layout.pdf




  • Thanks a lot @Iferrara, I appreciate the links.


    I have gone through both KBs and can deduce that the Sophos devices can run the BGP protocol and run VPN connectivity.

    I was just wondering if anyone has a similar setup in production and if there are any issues I should be aware of... particularly around throughput and speed.

    Lastly, is it possible to run another hub as a failover and have all the spokes point to it as well in case the first one fails?

  • Seun,

    I am not sure if you can achieve this by creating a failover group for IPsec.

    https://community.sophos.com/kb/en-us/123305

    I never tried to have a failover group for hub and spoke.

    If you can try, please let the community know.

    Thanks

  • Iferrara,


    I'm not sure this KB answers my question. Let me ask it in a different way.


    Is it possible to have 2 VPN connections on a Sophos device (spoke)? If the answer is yes, then that should answer my question, I think. If there is always an existing tunnel, clients should be able to always reach the targeted resources... correct me if I'm wrong please.