
Site-to-Site SSL VPN with Public IP from SSL VPN server?

Hi

How do I add on my client SSL VPN (firewall 1) the default gateway from my server SSL VPN (firewall 2)? I would like all my clients to receive a public IP from my server SSL VPN. Any help?

Thanks!

JL



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    SSL VPN (site-to-site) is used to provide access between internal networks over the internet using a P2P encrypted tunnel.

    I'd suggest configuring an IPsec VPN to route branch office internet traffic through head office XG.

    You may either configure policy-based or route-based VPN between head office and branch office and then route internet traffic through head office XG.

    ==> Follow the below steps for policy-based VPN:

    1. Configure an IPsec tunnel between head office and branch office XG firewall.

    Click here for more information on 'How to configure IPsec site to site VPN'

    2. Then refer to the article below to route branch office internet traffic through the head office.

    support.sophos.com/.../KB-000035798


    ==> Follow the below steps for route-based VPN:

    1. Set up route-based VPN between head office and branch office.

    Click here for more information on 'How to configure route-based VPN on XG'

    Sophos Techvid: techvids.sophos.com/.../zFSwU1CCd3AYrFHGjnvbRe

    2. Configure the destination network as ANY (0.0.0.0/0) while adding a static route or SD-WAN policy route with the xfrm interface at the branch office end.

    3. Add a VPN to WAN firewall rule at the head office end to allow internet access to branch office machines.

  • Thanks! I went with the first option (policy-based VPN) and it works! Just remember in the end to change the subnets as advised.

    Head Office (HO):
    Local Subnet: Any
    Remote Subnet: BO LAN

    Branch Office (BO):
    Local Subnet: BO LAN
    Remote Subnet: Any
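
The subnet swap from the last reply can be sanity-checked offline before the tunnel is rebuilt. The following is an added example, not part of the thread and not Sophos code: it models the policy-based selectors listed above and reports what would keep branch office internet traffic out of the tunnel. The BO LAN prefix, the host addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: the thread gives no addresses, so this BO LAN
# prefix is an assumption for illustration only.
BO_LAN = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Policy-based selectors as listed in the thread, one dict per firewall.
HEAD_OFFICE = {"local": [ANY], "remote": [BO_LAN]}
BRANCH_OFFICE = {"local": [BO_LAN], "remote": [ANY]}


def selectors_mirrored(side_a, side_b):
    """Each side's local subnets should equal the peer's remote subnets."""
    return (set(side_a["local"]) == set(side_b["remote"])
            and set(side_a["remote"]) == set(side_b["local"]))


def enters_tunnel(side, src, dst):
    """True if a packet src -> dst leaving this side matches its selectors
    (source inside a local subnet, destination inside a remote subnet)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(src in net for net in side["local"])
            and any(dst in net for net in side["remote"]))


def check_full_tunnel(ho, bo, bo_lan):
    """Return the problems that would stop BO internet traffic from being
    carried to the head office; an empty list means the pair is consistent."""
    problems = []
    if not selectors_mirrored(ho, bo):
        problems.append("local/remote subnets are not mirrored between HO and BO")
    if ANY not in bo["remote"]:
        problems.append("BO remote subnet is not Any: internet traffic stays local")
    if bo_lan not in ho["remote"]:
        problems.append("HO remote subnet does not cover BO LAN: no return path")
    return problems


if __name__ == "__main__":
    print(check_full_tunnel(HEAD_OFFICE, BRANCH_OFFICE, BO_LAN))
    # A BO host reaching a constructed internet address goes via the tunnel.
    print(enters_tunnel(BRANCH_OFFICE, "192.168.20.15", "203.0.113.10"))
```

Passing the head office values on both sides, which is what happens when the subnets are not swapped at the branch office, returns two problems instead of an empty list.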