Skip to content
Last update: 2022-05-25

Add an IP tunnel

  1. Go to Network > IP tunnels and click Add.
  2. Enter a name. You can change this name later.

    Maximum number of characters: 58

    The subsystems will show the customizable name and not the hardware name of the interface.

    Restriction

    The names of physical and virtual interfaces, wireless networks, and IP tunnels can't start with system-reserved names, such as port, eth, ge, and xfrm, except when the Name is the same as the Hardware name.

  3. Enter a hardware name for the interface. You can't change this name later.

    Maximum number of characters: 10

    Allowed characters: (A-Za-z0-9_)

  4. Select a tunnel type.

    Option Description
    6in4 For IPv6-to-IPv6 communication over an IPv4 backbone. You must manually configure the source and destination IPv4 addresses. We recommend this method for point-to-point communication.
    6to4 For IPv6-to-IPv6 communication over an IPv4 backbone. The destination IPv4 address of the tunnel can be automatically acquired, but you must manually specify the source address. We recommend this method for point-to-multipoint communication.
    6rd For IPv6-to-IPv6 communication over an IPv4 backbone. This tunnel is an extension of the 6to4 tunnel. The tunnel can be established by a provided and predefined ISP prefix.
    4in6 For IPv4-to-IPv4 communication over an IPv6 backbone. You must manually configure the source and destination IPv4 addresses. We recommend this method for point-to-point communication.
  5. Specify the settings.

    Option Description
    Zone Zone assigned to the tunnel.
    Local endpoint IP address of the local endpoint of the tunnel. For 6in4, 6to4, and 6rd, this is an IPv4 address. For 4in6, this is an IPv6 address.
    Remote endpoint IP address of the remote endpoint of the tunnel. For 6in4, this is an IPv4 address. For 4in6, this is an IPv6 address.
  6. Specify the advanced settings:

    Option Description
    TTL Time-to-live value for packets. This value defines a limit for the number of attempts to transmit a packet before discarding it.
    TOS Value assigned to an IP packet according to the type of service provided. The service defines the packet priority and routing characteristics (latency, throughput, or reliable service).
  7. Click Save.

    A new window appears and tells you that Sophos Firewall successfully created the IP tunnel. If you've selected 6to4 or 6rd as the tunnel type, the window also tells you that the firewall has created a static IPv6 unicast route for the tunnel. You can add static unicast routes for the IP tunnel in this window. You can add additional static routes later by going to Routing > Static routes.

    Note

    If you close this window or select Cancel, the IP tunnel and any automatically created routes are saved and appear in the firewall configuration.

More information

Back to top