Skip to content

Add an IP tunnel

  1. Go to Network > IP tunnels and click Add.
  2. Enter a name. You can change this later.

    Maximum number of characters: 58

    The interface's customizable name rather than the hardware name is shown in other settings.

  3. Enter a hardware name for the interface. You can't change this name later.

    Maximum number of characters: 10

    Allowed characters: (A-Za-z0-9_)

    Restriction

    The hardware name can't contain the following system-reserved names: all, gre, oct, mv-pcimux0, mvmgmt0, pport_, lo, ipsec0, tun, ppp, imq, ifb, mast, sit, WWAN1, _ppp, vxlan, xfrm, USB, erspan0, Port, MGMT, eth, GE, gretap0, ip6tnl0, host, reds, wlnet, WLAN, Sophos, GuestAP, spq, and Halink.

  4. Select a tunnel type.

    Option Description
    6in4 For IPv6-to-IPv6 communication over an IPv4 backbone. You must manually configure the source and destination IPv4 addresses. We recommend this method for point-to-point communication.
    6to4 For IPv6-to-IPv6 communication over an IPv4 backbone. The destination IPv4 address of the tunnel can be automatically acquired, but you must manually specify the source address. We recommend this method for point-to-multipoint communication.
    6rd For IPv6-to-IPv6 communication over an IPv4 backbone. This tunnel is an extension of the 6to4 tunnel. The tunnel can be established by a provided and predefined ISP prefix.
    4in6 For IPv4-to-IPv4 communication over an IPv6 backbone. You must manually configure the source and destination IPv4 addresses. We recommend this method for point-to-point communication.
  5. Specify the settings.

    Option Description
    Zone Zone assigned to the tunnel.
    Local endpoint IP address of the local endpoint of the tunnel. For 6in4, 6to4, and 6rd, this is an IPv4 address. For 4in6, this is an IPv6 address.
    Remote endpoint IP address of the remote endpoint of the tunnel. For 6in4, this is an IPv4 address. For 4in6, this is an IPv6 address.
  6. Specify the advanced settings:

    Option Description
    TTL Time-to-live value for packets. This value defines a limit for the number of attempts to transmit a packet before discarding it.
    TOS Value assigned to an IP packet according to the type of service provided. The service defines the packet priority and routing characteristics (latency, throughput, or reliable service).
  7. Click Save.

    A new window appears and tells you that Sophos Firewall successfully created the IP tunnel. If you've selected 6to4 or 6rd as the tunnel type, the window also tells you that the firewall has created a static IPv6 unicast route for the tunnel. You can add static unicast routes for the IP tunnel in this window. You can add additional static routes later by going to Routing > Static routes.

    Note

    If you close this window or select Cancel, the IP tunnel and any automatically created routes are saved and appear in the firewall configuration.

More information