Site-to-site SSL VPN

With site-to-site SSL VPN, you can provide access between internal networks over the internet using point-to-point encrypted tunnels.

Before you migrate to SFOS 20.0 MR1

Firewalls using SFOS 20.0 MR1 won't establish site-to-site SSL VPN connections with firewalls using the following versions:

  • SFOS 18.5 and earlier versions.
  • UTM 9 OS.

To continue to establish SSL VPN tunnels in these scenarios after upgrading to 20.0 MR1, you can use one of the following options:

  • Use site-to-site IPsec tunnels.
  • Use RED tunnels.
  • Upgrade both firewalls to the latest version.

Configuration

The tunnel endpoints act as either client or server. The client initiates the connection, and the server responds to client requests. This contrasts with IPsec, where both endpoints can initiate a connection. An SSL VPN can connect from locations where IPsec encounters problems due to network address translation and firewall rules.

  • Go to Site-to-site VPN > SSL VPN.
  • To download a server connection, click Download.
  • Click SSL VPN global settings to specify the settings. See SSL VPN global settings.
  • Click Logs to see the logs.
