I am running an IPsec s2s VPN between a branch (Sophos CR25ING, XG v17.5) and HQ (Palo Alto 5220); the VPN is established and working fine.
For better security and filtering, we need all traffic to be routed through HQ. How can we achieve this?
I have not found any proper documentation.
Does anybody have a solution?
Thanks in advance.
Either expose the web interface on the WAN port, or configure a Client VPN to connect to the Sophos and allow the web interface in Device Access.
Hi Mr Prince,
Thank you for reaching out to the Community!
If you require all the branch office traffic to use the HQ firewall as a gateway, you can add "Any" in the remote local network. You would also have to make some changes to the HQ firewall; you probably need to configure the firewall rule to allow all the BO traffic. On the BO, ensure that the LAN to VPN rule is on top.
Community Support Engineer | Sophos Technical Support
We have local subnet "Any" in the VPN > IPsec connections setting, and now, as you suggested, we will add "Any" as the remote subnet. Is that right?
Sure, we will create a reverse route at the HQ FW. Are there any precautions to avoid remote access failing while we work?
What happens if the tunnel goes down? How can we then take remote access of the Sophos XG?
Gavin Daniels. DipIT(Networking)