Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
This recommended Reads provides information on configuring SD-WAN orchestration between the local branch and the head office using Sophos Central, whether standalone or HA.
Topology
Head Office Central Registration
Step 1:Deployment Status
Check the Status of deployment on web-admin, as shown in the screenshot below:
Step 2:HA Status
Verify the Status of HA under Configure > System services > High availability.
Step 3:Central Registration
Register on Sophos Central under System > Sophos Central
Note: Please Register both the Firewalls if deployed in HA
Branch Office Central Registration
Step 1:Deployment status
Check the Status of deployment on web-admin, as shown in the screenshot below:
Step 2: Central Registration
Register on Sophos Central>System>Sophos Central
SD-WAN Orchestration
Step 1: Creation of Group
Under Sophos Central > My Products > Firewall Management > Manage Firewalls > Firewalls.
Step 2: SD-WAN Connection Group
Under SD-WAN Connection Groups > Click on Create Connection Group
Sophos Central > My Products > Firewall Management > SD-WAN Connection Groups
Select the firewalls you wish to add under the SD-WAN Orchestration
Step 3: Adding Resources
Click Next to Add Resources for both the Firewalls with the drop-down menu:
Notes: Shared networks will be available to all firewalls in this sharing group. You can Opt in for the following options given below:
- Automatically create firewall rules
- Limit Access to authenticated users
- Configure Synchronized Security Heartbeat
Step 4: Configuring Network
Click Next to Configure Network. Once done, click the finish button.
#Head Office - HA
#Branch Office – Standalone
Note – It can take up to 15-20 minutes for the tunnel to come up
Note: If you opted for automatic firewalls, you’d be able to see in the firewall web admin
Protect > Rules and Policies.
And you’ll be able to see the XFRM Interface under the Configure > Network > WAN Port > xfrm
The IPsec connection between the HO and BO can also be seen under the Configure> VPN > IPsec connections.
I hope this article helped you meet your requirements and clarify your doubts!
Added TAGs
[edited by: Raphael Alganes at 5:34 AM (GMT -7) on 18 Sep 2024]
