1 | Port 500, 4500 Open by ISP | |
2 | Traffic arriving on Port 500, 4500 | |
3 | Matching Connection Type | |
4 | Gateway Type | |
5 | Matching Key Exchange | |
6a | IPsec Profile Matching | |
7 | Phase 1 Matching Settings | |
7a | Key Life | |
7b | Re-Key Margin | |
7c | DH Group | |
7d | Encryption | |
7e | Authentication | |
8 | Phase 2 Matching Settings | |
8a | PFS Group (DH Group) | |
8b | Key Life | |
8c | Encryption | |
8d | Authentication | |
9 | Encryption Profile must match | |
10 | Authentication Type (RSA Key Recommended between Sophos Firewalls) | |
11 | Listening Interface (WAN Interface only) | |
12 | Gateway Address | |
Port 500, 4500 Open by ISP
For IPsec to connect, port 500 has to be open by the ISP. Confirm with your ISP that port 500 is open. If you have an upstream device (the Sophos Firewall doesn't have a public IP on the WAN interface), make sure port 4500 is open by your ISP and that the upstream device is passing port 4500 down to the Sophos Firewall.
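One way to check items 1 and 2 from a packet capture, as an added example that is not part of the original page: the script counts packets the firewall sent and received on local ports 500 and 4500 and flags one-way traffic. It assumes `tcpdump -n` text output; the function names, addresses and sample capture are constructed for illustration.

```python
import re

# Address part of a `tcpdump -n` line: "IP src.sport > dst.dport:"
LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
IKE_PORTS = (500, 4500)

def summarize(capture, local_ip):
    """Count packets per local port: 'out' = sent by local_ip, 'in' = received."""
    counts = {p: {"out": 0, "in": 0} for p in IKE_PORTS}
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 line with ports, skip it
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        # Key on the local port: a peer behind NAT may use another source port.
        if src == local_ip and sport in counts:
            counts[sport]["out"] += 1
        elif dst == local_ip and dport in counts:
            counts[dport]["in"] += 1
    return counts

def diagnose(counts):
    """Turn the per-port counters into one finding per port."""
    findings = []
    for port, c in counts.items():
        if c["out"] and not c["in"]:
            findings.append(f"port {port}: sent {c['out']}, received 0: "
                            "check the ISP and any upstream device")
        elif c["in"] and not c["out"]:
            findings.append(f"port {port}: received {c['in']}, sent 0: "
                            "local side is not answering")
        elif not c["in"] and not c["out"]:
            findings.append(f"port {port}: no traffic seen")
        else:
            findings.append(f"port {port}: traffic in both directions")
    return findings

# Constructed sample: the local firewall (192.0.2.10) retransmits its first
# IKE message and never gets a reply from the peer (198.51.100.20).
SAMPLE = """\
10:15:01.000100 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]
10:15:03.000200 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]
10:15:07.000300 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]
"""

if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE, "192.0.2.10")):
        print(finding)
```
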