| 1 | Port 500, 4500 Open by ISP | |
| 2 | Traffic arriving on Port 500, 4500 | |
| 3 | Matching Connection Type | |
| 4 | Gateway Type | |
| 5 | Matching Key Exchange | |
| 6a | IPsec Profile Matching | |
| 7 | Phase 1 Matching Settings | |
| 7a | Key Life | |
| 7b | Re-Key Margin | |
| 7c | DH Group | |
| 7d | Encryption | |
| 7e | Authentication | |
| 8 | Phase 2 Matching Settings | |
| 8a | PFS Group (DH Group) | |
| 8b | Key Life | |
| 8c | Encryption | |
| 8d | Authentication | |
| 9 | Encryption Profile must match | |
| 10 | Authentication Type (RSA Key Recommended between Sophos Firewall) |
|
| 11 | Listening Interface (WAN Interface only) | |
| 12 | Gateway Address |
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.