Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

How To Configure SSL Site to Site VPN In Sophos XG

Here in this article we will learn how to configure SSL VPN site to site VPN between two sophos XG firewalls. Before learning how to configure SSL site to site VPN, you need to select one firewall as server and other firewall as client.

If one firewall use dynamic IP and other firewall use static IP address, use firewall with static IP address as server.

Login to sophos XG firewall and click on VPN menu and SSL VPN (Site to Site) tab. You can see both SSL VPN server and client configuration in the same tab as shown in below image

client and server setup
Server and Client

Configure SSL VPN server:

Click on ADD connection in server tab and fill up the following details

Connection Name: Type VPN connection name

Description: Enter description for SSL VPN connection

Local Networks: Enter local networks which needs to be used in site to site connection. These networks are ocated behind local firewall.

Remote Networks: Enter remote networks which needs to be used in site to site connection. These networks are located behind other end firewall.

Sample SSL VPN server details are as follows:

SSL VPN server configuration
SSL VPN server configuration

Once you configure all the server details, save it.

Click on the download icon beside the SSL VPN site to site connection as shown below

SSL VPN server connection

Now you have downloaded the server configuration, you need to import in other end firewall which will be configured as client. Now login to other end firewall, we will configure SSL VPN site to site connection.

Configure SSL VPN Client:

Fill the details in SSL VPN client configuration as follows

Connection Name: Enter any connection name to SSL VPN client

Configuration File: Upload server configuration file, which you have downloaded before.

Password: If you have entered any password while downloading server configuration file, enter that password here.

SSL VPN site to site client configuration
SSL Client Configuration

Once you configure all settings in client side correctly. You can save it.

SSL VPN site to site client connection
Client connection

If VPN is successfully established both firewall connection status turn green.

Now we have successfully established SSL VPN site to site tunnel. We need to configure firewall rules to allow traffic from one end of the tunnel to other end of the tunnel.

Configure Firewall Rule:

Click on Rules and Policies and click on ADD firewall rule. Fill details in the firewall rule as shown below.

Rule name: Enter any name for firewall rule

Rule Position: Keep it as top.

Rule Group: None

Enable log traffic option to enable logging in firewall. If we do not enable this option traffic through this firewall rule will not be captured.

firewall rule top
Firewall top

Source Zone: Select both VPN and LAN

Source Networks: select Local LAN network and remote LAN network

Destination Zone: Select both VPN and LAN

Destination Networks: select Remote LAN network and Local LAN network

Service: Select ANY

Click on the save firewall rule.

Create the same firewall rule on both the firewalls to accept traffic from both ends.

firewall rule zone configuration
Firewall rule

Now you have configured firewall rules to allow traffic.

You can use SSL VPN site to site connection to send and receive traffic.

Hope this article helps you