Advisory: Sophos Endpoint - "Your connection isn't private." We're aware of a certificate issue and are actively working to resolve it. Please see: KB-000045954 for the latest updates.

Migration from SG210 to XGS2100

Hi there,

I have a customer who has an SG210 and he wants to move to XGS2100. I have checked the configuration, and the first firewall is a Cisco ASA in front of the ISP, and the Sophos firewall is in front of the LAN. The latest configuration is 16 site to site VPN and 2 remote VPN and some functions.

The question is if I can install the new firewall in bridge mode, and if I install it in bridge mode, can I configure the VPN tunnels and HA cluster!


In this scenario for sure I cannot install the firewall in gateway mode!


Please refer me to the documentation.

Thanks in Advanced

Parents
  • Hello Jalo,

    this is not enough info to answer your questions.

    Are these two SG210 Systems an HA-pair?

    What are the IP-networks and how is the routing done?

    Why do you think only a bridge will do?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello Jalo,

    this is not enough info to answer your questions.

    Are these two SG210 Systems an HA-pair?

    What are the IP-networks and how is the routing done?

    Why do you think only a bridge will do?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
  • Hallo Philipp,

    Thanks for Reply :)

    Are these two SG210 Systems an HA-pair? -> Yes

    What are the IP-networks and how is the routing done? The Public IP is on ASA and the outside Interface from sophos is private IP ( Transit-Network).

    Why do you think only a bridge will do? -> i did not do this before and i am wondering which mode should i configure..

    Another Question: The Clinet have SSL VPN Profile with 72 Users, there is away where i can exort the users with config and import them in the new firewall!!

    Thanks

    Jalo