Sophos Firewall: How to establish a Site-to-Site IPsec VPN connection between Cyberoam and Sophos Firewalls using a preshared key

KB-000035960 Mar 4, 2020 5 people found this article helpful

Overview
This article describes the steps to configure a Site-to-Site IPsec VPN connection between Cyberoam and Sophos
XG Firewalls using preshared key as an authentication method for VPN peers.

The following sections are covered:

Configuring Sophos XG Firewall
Configuring Cyberoam Firewall
Establishing the IPsec connection
Results
Related information

Applies to the following Sophos products and versions
Sophos Firewall

Configuring Sophos XG Firewall


Add local and remote LAN

Go to Hosts and Services > IP Host and select Add to create the local LAN.

Go to Hosts and Services > IP Host and select Add to create the remote LAN.

Create an IPsec VPN connection


Go to VPN > IPsec Connections and select Wizard. Give it a name and click on Start to follow the wizard.

Select Site To Site as a connection type and select Head Office.

Set the Authentication Type to preshared key.

In the Local Subnet field, choose the local LAN created earlier.

In the Remote Subnet field, choose the remote LAN created earlier.

Review the IPsec connection summary and click Finish.

After you click Finish, the following screen is displayed, showing the connection created above.

Click the icon under Status (Active) to activate the connection.

Add two firewall rules allowing VPN traffic
Go to Firewall and click +Add Firewall Rule. Create two user/network rules as shown below.

Configuring Cyberoam Firewall
Add local and remote LAN
Go to OBJECTS > Hosts and select Add to create the local LAN.

Go to OBJECTS > Hosts and select Add to create the remote LAN.

Create an IPsec VPN connection


Go to VPN > IPSec > Connection and select Wizard. Give it a name and click on Start to follow the wizard.

Select Site To Site as a connection type and select Branch Office.

Set the Authentication Type to preshared key.

Make sure to use the same preshared key as in Sophos XG Firewall.

In the Local Subnet field, choose the local LAN created earlier.

In the Remote Subnet field, choose the remote LAN created earlier.

Review the IPsec connection summary and click Finish.

After you click Finish, the following screen is displayed, showing the connection created above.

Click the icon under Status (Active) to activate the connection.

Add two firewall rules allowing VPN traffic
Go to FIREWALL > Rule > IPv4 Rule and click Add. Create two rules as shown below.

Establishing the IPsec connection
Once both firewall devices at the head and branch offices are configured, establish the IPsec connection between them. Since the firewall at the branch office initiates the connection, from the Cyberoam firewall, go to VPN > IPSec > Connections and click the icon under Status (Connection).

From Sophos XG Firewall, go to VPN > IPsec Connections and verify that the IPsec connection has been established.

Results
A ping test from a machine behind Sophos XG Firewall to a machine behind Cyberoam Firewall and vice versa
should work.

From Sophos XG Firewall go to Firewall and verify that VPN rules allow ingress and egress traffic.

Go to Reports > VPN and verify the IPsec usage.

Click on the connection name for details.

From Cyberoam Firewall, go to FIREWALL > Rule > IPv4 Rule and verify that VPN rules allow download and upload
data.

Note:

Make sure that VPN firewall rules are at the top of the Firewall Rule list.
In a head and branch office configuration, the Cyberoam Firewall on the branch office usually acts as the tunnel initiator and the Sophos Firewall on the head office as a responder due to the following reasons:
When the branch office device is configured with a dynamic IP address, the head office device cannot initiate the connection.
As the number of branch offices varies, it is recommended that each branch office retry the connection instead of the head office retrying all connections to branch offices.
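
A pre-flight check for the values entered in the two wizards above, as an added example that is not part of the original article or Sophos code. The dictionary field names, subnets and key below are assumptions constructed for illustration.

```python
import hmac
import ipaddress


def check_tunnel(head, branch):
    """Return a list of mismatches between the two peers (empty list = consistent)."""
    problems = []
    h_local = ipaddress.ip_network(head["local_subnet"])
    h_remote = ipaddress.ip_network(head["remote_subnet"])
    b_local = ipaddress.ip_network(branch["local_subnet"])
    b_remote = ipaddress.ip_network(branch["remote_subnet"])

    # Each side's Remote Subnet must be the other side's Local Subnet.
    if h_local != b_remote:
        problems.append("head local subnet != branch remote subnet")
    if h_remote != b_local:
        problems.append("head remote subnet != branch local subnet")
    # Two LANs with overlapping address space cannot be told apart by the tunnel.
    if h_local.overlaps(b_local):
        problems.append("local subnets overlap")
    # Both wizards must be given the same preshared key.
    if not hmac.compare_digest(head["psk"].encode(), branch["psk"].encode()):
        problems.append("preshared keys differ")
    # Arrangement used in this article: head office responds, branch initiates.
    if head["role"] != "responder" or branch["role"] != "initiator":
        problems.append("roles should be head=responder, branch=initiator")
    # A peer with a dynamic address cannot be reached first, so it must initiate.
    for name, site in (("head", head), ("branch", branch)):
        if site["dynamic_ip"] and site["role"] != "initiator":
            problems.append(f"{name} has a dynamic IP but is not the initiator")
    return problems


# Constructed sample values, not taken from the article's screenshots.
HEAD = {"local_subnet": "172.16.16.0/24", "remote_subnet": "192.168.2.0/24",
        "psk": "constructed-example-key", "role": "responder", "dynamic_ip": False}
BRANCH = {"local_subnet": "192.168.2.0/24", "remote_subnet": "172.16.16.0/24",
          "psk": "constructed-example-key", "role": "initiator", "dynamic_ip": True}

if __name__ == "__main__":
    for line in check_tunnel(HEAD, BRANCH) or ["configuration is consistent"]:
        print(line)
```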

Related information
Sophos Firewall: How to change firewall rule order
Sophos Firewall: How to set a Site-to-Site IPsec VPN connection using a preshared key
Sophos Firewall: How to establish a Site-to-Site IPsec VPN connection using RSA Keys
Sophos Firewall: How to establish a Site-to-Site IPsec connection using Digital Certificates
Sophos Firewall: How to apply NAT over a Site-to-Site IPsec VPN connection
Sophos Firewall: How to configure an IPsec VPN connection with multiple end points
Sophos Firewall: How to set a Site-to-Site IPsec VPN connection between XG and SG Firewalls using a
preshared key
Sophos Firewall: How to create a hub and spoke IPsec VPN
Sophos Firewall: Troubleshooting steps when traffic is not passing through the VPN tunnel


Previous article ID: 123600
