
Hub and Spoke with Sophos as HO and Fortigate as Branches

We will migrate our FortiGate to Sophos XG, and one of our requirements is to create an IPsec site-to-site tunnel between a Sophos XG 3300 (as hub or head office) and small FortiGates in client branches (as spokes).

The problem is, I don't see any KB/doc about creating it with an unknown remote gateway, which means the hub accepts connections from peers with appropriate encryption and authentication settings.

I estimate there will be 150 or more branches connected to it, and the WAN IPs are dynamically assigned by their ISP.

If you're familiar with FortiGate firewalls, the goal is a setup like a DialUp User IPsec tunnel in Sophos XG.



  • Hello,

    Good day and thanks for reaching out to Sophos Community

    For:

    -Sophos XG IPsec Configuration/HO  - Gateway Type: (Initiate the tunnel from Sophos XG)

    Local Gateway - WAN Interface of the Sophos XG

    Remote Gateway - *

    Then for Fortigate - Remote End device IPsec Configuration/BO (Respond/Dial-up Only)

    Local Gateway - WAN Interface

    Remote Gateway - Sophos XG public IP

    For the IPsec configuration of SF, refer to this KB article: https://support.sophos.com/support/s/article/KB-000035717?language=en_US

    Please make sure that all the tunnels configured with "*" as a remote gateway have the same preshared key.

    You may also reach out and be in touch with your local Sophos SE/partner or Professional Services for this type of activities.

    Many thanks for your time and patience and thank you for choosing Sophos

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
