Site-to-site VPN
You can configure policy-based (host-to-host and site-to-site) IPsec VPNs, route-based IPsec VPNs, and SSL VPNs. You can also create RED tunnels between the main office and the branch offices.
IPsec VPN
Policy-based VPN: Encrypts traffic passing through the listening interface based on the firewall rule and the local and remote subnets specified in the matching IPsec connection. Use these to connect small networks.
- About policy-based VPNs
- Add a site-to-site IPsec connection
- Create a site-to-site IPsec VPN (policy-based VPN): An example
- Configure OSPF over IPsec VPN: An example
Route-based VPN: Encrypts traffic passing through the virtual tunnel interfaces established based on the configuration. Static, dynamic, and SD-WAN policy routes determine the traffic sent through these interfaces. Use these to connect large, dynamic networks.
- About route-based VPNs
- Create a route-based VPN: An example
- Configure a route-based VPN failover with two ISP connections: An example
- Configure a site-to-site IPsec VPN with multiple SAs to a route-based Azure VPN gateway: An example
- Configure an IPsec VPN with Azure gateway: An example
- Configure BGP over route-based VPN: An example
- Configure OSPF over route-based VPN: An example
Prerequisites for policy-based and route-based IPsec connections: Use the default IPsec profiles or create custom profiles for the phase 1 and phase 2 security settings.
Post-requisites for policy-based and route-based IPsec connections: Optionally, add a VPN failover group to configure redundant tunnels.
Route system-generated traffic through IPsec tunnels:
- Send DHCP traffic over policy-based IPsec VPN to servers
- Route system-generated authentication queries through an IPsec tunnel
SSL VPN
Site-to-site SSL VPN: Establishes SSL/TLS connections between two Sophos Firewall devices in a client-server configuration.
- About site-to-site SSL VPN connections
- SSL VPN global settings
- Create a site-to-site SSL VPN: An example
RED tunnels
Remote Ethernet Device (RED): Provides a secure tunnel between a remote site and Sophos Firewall. You can configure and install RED appliances. Alternatively, you can create a site-to-site RED tunnel between two Sophos Firewall devices in a client-server configuration.
- About RED hardware models and Firewall REDs
- Add a RED tunnel
- Create a site-to-site RED tunnel: An example
- Deploy a RED manually: An example
More resources