RE: Site to Site VPN Issues Between Sophos XGS 116

Raphael Alganes — Mon, 24 Jul 2023 02:20:52 GMT

Hi Andre,

Good day and thanks for reaching out to Sophos Community.

In addition to Bharat J's response above, which initially could guide you setting up IPsec site-to-site but to give insight to your questions above, It depends on the use case and your environment, security policy etc. -

- Is it better to use a pre-shared key or an RSA key? These Authentication types has their own pros and cons that can be searched more but for the quick discussion of this use case - PSK max bits is 512, RSA key has more, both does not much require configuration overhead on a simple 2 Firewall site to site connectivity. But if this is multiple sites to be managed Digital certificate has it's own advantage
- In the firewall rules, should we put some IPS policy? Optimal security, you can use IPS.
- In the VPN profile, do we use the IKEv2 protocol? If the other end supports IKEv2, it is better as it is the enhancement of v1

Also, I may recommend you to reach out to your local Sales Engineer/Partner, I believe they can be of guidance with you on these type of engagements.

Hope this helps. Many thanks for your time and patience and thank you for choosing Sophos.