B2BVPN between Sophos SG230 and Juniper SRX4600 route-based VPN

Hi, we tried to create a B2BVPN between Sophos SG230 and Juniper SRX4600 route-based VPN, however it failed.
We understand from level one support that our Sophos SG230 UTM 9 doesn't support route-based VPN and only supports policy-based VPN setup. We would like to confirm: is this correct? Is there any other workaround or alternative?

Thanks in advance. 
This thread was automatically locked due to age.
  • Hi,

    that is correct!

    The only workaround is with 2 UTMs: you can use a RED tunnel to create a route-based "VPN".

    With other firewall models no route-based IPsec is possible.

    I miss this too in UTM...

    In XG it is possible with v18.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Hi Zaphod, thanks for your reply. Meaning our SG UTM only supports policy-based VPN?
    Did you manage to find any KB or article mentioning that SG UTM doesn't support route-based VPN?

  • There likely won't be a KB stating what is NOT in UTM.

    However, in this URL you can see it's a new feature in XG Firewall 18. Therefore don't expect it to ever come to UTM, since new features in UTM have been very, very rare since Sophos released XG Firewall.

     

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi,

    as the others already said, sadly the SG do not support policy based IPsec.

    Years ago there was a roadmap where they announced IPsec IKEv2 for V 9.6, but then it was deferred and maybe it will never arrive.
    You can still just vote for it.

    My suggested workaround: use OPNsense as a VPN concentrator.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

  • Hi and welcome to the UTM Community!

    I've never touched a Juniper, so I don't know if this thread about creating a GRE tunnel to a CISCO would be helpful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA