Hello,
I tried to set up a tunnel following some recommendations from the community forum, but it did not work. Does anybody have a working configuration?
Sincerely,
Alex
Hello Alex Suslik,
Thank you for reaching out to the community. May we know the Sophos appliance model name and firmware version?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hey Alex Suslik, thank you for the update. We do not have a pocket guide/best practice for UTM 9.7 to PAN OS, but we definitely have a guide between our next-gen FW and PAN OS. And again, UTM 9 only supports IKEv1, whereas next-gen supports IKEv2 parameters as well. You may configure a site-to-site IPsec tunnel by referring to the KBA - https://support.sophos.com/support/s/article/KB-000036832?language=en_US
Just ensure the parameters configured on the PAN OS match the ones configured on the UTM 9.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Thank you Vivek,
The Sophos SG230 is UTM9. So it also only supports IKE1 and not IKE2, correct?
Yes, that's right, Alex Suslik!
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
In my case the SG230 provides only the option "Initiate".
Is UTM9 using AES-256-CBC for IKE encryption?
So phase 1 IKE1 was successful, but not phase 2.
OK, the tunnel is up.
On the Palo Alto side, authentication in IPSec Crypto should be set to none.
Welcome to the UTM Community, Alex - thanks for providing the answer for future members with a similar question.
Cheers - Bob