

Site to Site VPN Issues Between Sophos XGS 116

We are setting up a Site to Site IPsec VPN between two Sophos XGS 116s.

- Is it better to use a pre-shared key or an RSA key?
- In the firewall rules, should we put some IPS policy?
- In the VPN profile, do we use the IKEv2 protocol?

Thanks
André Soares



This thread was automatically locked due to age.
  • Hi Andre,

    Good day and thanks for reaching out to Sophos Community.

    In addition to Bharat J's response above, which could initially guide you in setting up IPsec site-to-site, and to give insight into your questions above: it depends on the use case, your environment, security policy, etc.

    - Is it better to use a pre-shared key or an RSA key? These authentication types have their own pros and cons, which can be researched further, but for a quick discussion of this use case: PSK max bits is 512, an RSA key has more, and neither requires much configuration overhead for simple two-firewall site-to-site connectivity. But if there are multiple sites to be managed, a digital certificate has its own advantage.
    - In the firewall rules, should we put some IPS policy? For optimal security, you can use IPS.
    - In the VPN profile, do we use the IKEv2 protocol? If the other end supports IKEv2, it is better, as it is the enhancement of v1.

    Also, I would recommend reaching out to your local Sales Engineer/Partner; I believe they can guide you on these types of engagements.

    Hope this helps. Many thanks for your time and patience and thank you for choosing Sophos.

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
