Sophos Firewall: Managing Firewall and SD-WAN Orchestration

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


This Recommended Read explains how to configure SD-WAN orchestration between the local branch and the head office using Sophos Central, whether the firewalls are standalone or in HA.


Head Office Central Registration

Step 1: Deployment Status

Check the deployment status in the web admin console, as shown in the screenshot below:

Step 2: HA Status

Verify the HA status under Configure > System services > High availability.

Step 3: Central Registration

Register on Sophos Central under System > Sophos Central.
Note: Register both firewalls if they are deployed in HA.

Branch Office Central Registration

Step 1: Deployment Status

Check the deployment status in the web admin console, as shown in the screenshot below:

Step 2: Central Registration

Register on Sophos Central under System > Sophos Central.

SD-WAN Orchestration

Step 1: Creation of Group

Create the group under Sophos Central > My Products > Firewall Management > Manage Firewalls > Firewalls.

Step 2: SD-WAN Connection Group

Under SD-WAN Connection Groups, click Create Connection Group:
            Sophos Central > My Products > Firewall Management > SD-WAN Connection Groups
Select the firewalls you wish to add to the SD-WAN orchestration.

Step 3: Adding Resources

Click Next to add resources for both firewalls using the drop-down menu:

Note: Shared networks will be available to all firewalls in this sharing group. You can opt in to the following options:

  • Automatically create firewall rules
  • Limit Access to authenticated users
  • Configure Synchronized Security Heartbeat

Step 4: Configuring Network

Click Next to configure the network. Once done, click Finish.

#Head Office - HA

#Branch Office – Standalone

Note: It can take up to 15-20 minutes for the tunnel to come up.

Note: If you opted to automatically create firewall rules, you can see them in the firewall web admin under
        Protect > Rules and Policies.

You can also see the XFRM interface under Configure > Network > WAN Port > xfrm.

The IPsec connection between the HO and BO can also be seen under Configure > VPN > IPsec connections.

I hope this article helped you meet your requirements and clarify your doubts!

[edited by: emmosophos at 11:12 PM (GMT -8) on 23 Nov 2023]