Site-to-site VPN
You can configure policy-based (host-to-host and site-to-site) IPsec VPNs, route-based IPsec VPNs, and SSL VPNs. You can also create RED tunnels between the main office and the branch offices.
IPsec VPN
Policy-based VPN: Encrypts traffic passing through the listening interface based on the firewall rule and the local and remote subnets specified in the matching IPsec connection.
- About policy-based VPNs
- Add an IPsec connection
- Create a site-to-site IPsec VPN (Policy-based VPN): An example
- Configure OSPF over IPsec VPN: An example
Route-based VPN: Encrypts traffic passing through the virtual tunnel interfaces that are established based on the configuration. Static, dynamic, and SD-WAN policy routes determine which traffic is sent through these interfaces.
- About route-based VPNs
- Create a route-based VPN: An example
- Configure a site-to-site IPsec VPN with multiple SAs to a route-based Azure VPN gateway: An example
- Configure an IPsec VPN with Azure gateway: An example
- Configure BGP over route-based VPN: An example
- Configure OSPF over route-based VPN: An example
Prerequisites for policy-based and route-based IPsec connections: Use the default IPsec policies or create custom policies for the phase 1 and phase 2 security settings.
Post-requisites for policy-based and route-based IPsec connections: Optionally, add a VPN failover group to configure redundant tunnels.
SSL VPN
Site-to-site SSL VPN: Establishes SSL/TLS connections between two Sophos Firewall devices in a client-server configuration.
RED tunnels
Remote Ethernet Device (RED): Provides a secure tunnel between a remote site and Sophos Firewall. You can configure and install RED appliances. Alternatively, you can create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.