Site-to-site VPN

You can configure policy-based (host-to-host and site-to-site) IPsec VPNs, route-based IPsec VPNs, and SSL VPNs. You can also create RED tunnels between the main office and the branch offices.

IPsec VPN

Policy-based VPN: Encrypts traffic passing through the listening interface based on the firewall rule and the local and remote subnets specified in the matching IPsec connection.

Route-based VPN: Encrypts traffic passing through the virtual tunnel interfaces established based on the configuration. Static, dynamic, and SD-WAN policy routes determine the traffic sent through these interfaces.

Prerequisites for policy-based and route-based IPsec connections: Use the default IPsec policies or create custom policies for the phase 1 and phase 2 security settings.

Post-requisites for policy-based and route-based IPsec connections: Optionally, add a VPN failover group to configure redundant tunnels.

SSL VPN

Site-to-site SSL VPN: Establishes SSL/TLS connections between two Sophos Firewall devices in a client-server configuration.

RED tunnels

Remote Ethernet Device (RED): Provides a secure tunnel between a remote site and Sophos Firewall. You can configure and install RED appliances. Alternatively, you can create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.