Disclaimer: This information is provided as-is without any guarantees. Please contact Sophos Professional Services if you require assistance with your specific environment.
This knowledge base article explains how to set up an IPsec connection from the Sophos UTM to Microsoft Azure.
This article goes through each step required to have a functional virtual network to connect to Azure. Please adapt these steps to fit your existing environment. The following sections are covered:
Applies to the following Sophos products and versions: Sophos UTM
The example below describes the steps to build a new environment but can be easily adapted to an existing environment.
The Virtual Network defines the address space used in Azure, as well as what subnets are in that network.
The Virtual Network Gateway defines the external IP with which VPN tunnels can be created. It also defines which networks can be accessed by those VPNs.
The Local Network Gateway specifies the public IP and private IPs of local networks that may establish a connection to Azure.
The connection defines a specific VPN tunnel and which networks may access it.
The UTM will be set up like any normal IPsec tunnel except that we must make an encryption policy specific to Azure's requirements.
This defines the remote address the UTM will connect to.
The IPsec Policy defines the encryption and other security parameters used by the IPsec tunnel. Azure has specific requirements and we have found that these settings work best.
This creates the IPsec tunnel by selecting a Remote Gateway, Policy, and defining which local networks can access the tunnel.
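A pre-flight check of the address plan behind the Azure and UTM objects described above, as an added example that is not part of the original Sophos article. The `check_plan` function, the dictionary keys and every address are constructed for illustration; it assumes IPv4 and that the gateway subnet must lie inside the Virtual Network address space.

```python
"""Pre-flight check of a UTM-to-Azure address plan (added example, IPv4 only)."""
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """Return a list of problems found in the planned address layout."""
    problems = []
    vnet = [ip.ip_network(n) for n in plan["vnet_address_space"]]
    gw_subnet = ip.ip_network(plan["gateway_subnet"])
    lng = [ip.ip_network(n) for n in plan["local_gateway_prefixes"]]
    utm_local = [ip.ip_network(n) for n in plan["utm_local_networks"]]
    public_ip = ip.ip_address(plan["local_gateway_public_ip"])

    # The gateway subnet must sit inside the Virtual Network address space.
    if not any(gw_subnet.subnet_of(v) for v in vnet):
        problems.append(f"gateway subnet {gw_subnet} is outside the virtual network")
    # On-premises prefixes must not overlap the Azure address space.
    problems += [f"local prefix {p} overlaps Azure range {v}"
                 for p in lng for v in vnet if p.overlaps(v)]
    # The Local Network Gateway needs the UTM's public address, not a private one.
    if any(public_ip in net for net in RFC1918):
        problems.append(f"{public_ip} is a private (RFC 1918) address")
    # Every network the UTM sends into the tunnel needs an Azure-side prefix.
    problems += [f"UTM network {n} is missing from the Local Network Gateway"
                 for n in utm_local if not any(n.subnet_of(p) for p in lng)]
    return problems

# Constructed sample plans; none of these values come from the article.
GOOD_PLAN = {
    "vnet_address_space": ["10.10.0.0/16"],
    "gateway_subnet": "10.10.255.0/27",
    "local_gateway_public_ip": "203.0.113.10",
    "local_gateway_prefixes": ["192.168.10.0/24"],
    "utm_local_networks": ["192.168.10.0/24"],
}
BAD_PLAN = {
    "vnet_address_space": ["10.10.0.0/16"],
    "gateway_subnet": "10.20.255.0/27",
    "local_gateway_public_ip": "192.168.1.1",
    "local_gateway_prefixes": ["10.10.5.0/24"],
    "utm_local_networks": ["192.168.10.0/24"],
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "OK")
```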
Previous article ID: 126995