Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.
The purpose of this document is to provide you with information on how to configure SD-WAN orchestration between the local branch and the head office using Sophos Central, whether it’s standalone or in HA.
Check the Status of deployment on web-admin, as shown in the screenshot below:
Verify the Status of HA under CONFIGURE > System services > High availability
Register on Sophos Central under SYSTEM > Sophos Central Note: Please Register both the Firewalls if deployed in HA
Register on Sophos Central, Under SYSTEM > Sophos Central
Under Sophos Central > My Products > Firewall Management > Manage Firewalls > Firewalls.
Under SD-WAN Connection Groups > Click on Create Connection Group Sophos Central > My Products > Firewall Management > SD-WAN Connection GroupsSelect the firewalls you wish to add under the SD-WAN Orchestration
Click Next to Add Resources for both the Firewalls with the drop-down menu:
Notes: Shared networks will be available to all firewalls that are part of this sharing group. You can Opt in for the following options given below:
Click Next to Configure Network. Once done, click the finish button. #Head Office - HA#Branch Office – StandaloneNote – It can take up to 15-20 mins for the tunnel to come upNote: If you opted for automatic firewalls, you’d be able to see in the firewall web admin PROTECT > Rules and PoliciesAnd you’ll be able to see the XFRM Interface under the CONFIGURE > Network > WAN Port > xfrmAnd IPsec connection between the HO and BO can also be seen under the CONFIGURE > VPN > IPsec connections.I hope this article has helped you achieve your requirement and clarified your doubts!
Hello, if customer subscribes to Central Orchestration at Head office firewall, is it required to have Central Orchestration Subscribed for each of the branch office firewalls ?
Will Central Orchestration NOT work if branch office FWs do not have central Orchestration subscription but have say simple BASE license?
Hey Moses Wamono ,Thank you for reaching out to the community.
The following requirements would have to be met on all firewalls if you want to use the SD-WAN feature:
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.