VPN Wizard set-up

The VPN Wizard takes you step-by-step through the configuration of VPN connection between two managed devices simultaneously.

  1. Go to Device Configuration > Configure > VPN > VPN Wizard and click Add.
    On clicking Add, the VPN Wizard starts which contains the following three sections:
    1. Select Device
    2. Device Details
    3. Security Information
  2. Select the managed Head Office and Branch Office devices respectively based on the description shown below.
    Head Office
    Select Device
    Select the Head Office device from the drop-down list of available devices.
    Note Only one device can be selected as the Head Office device.
    Note The list of available devices shows only those added devices which are Connected and Synchronized with Sophos Firewall Manager.
    Tunnel Name

    Specify name to identify the tunnel for Head Office.

    IP Family
    Specify the IP type of the Head Office device subnet or Local End Point.
    Description
    Provide description for the Head Office device.
    Branch Office
    Select Devices
    Select the Branch Office device from the drop-down list of available devices. You can select multiple devices at a time.
    Description
    Provide description for the Branch Office device.
  3. Configure connection details for the Head Office and Branch Office devices respectively.
    Head Office Device
    Policy

    Select policy to be used for Head Office VPN connection. To create a new policy or go to Device Configuration > Configure > VPN > IPSec page.

    Local End Point

    Select Local WAN port of the Head Office device from the list.

    IP/Domain
    Specify IP Address or domain name of the selected Head Office device.
    Subnet

    Select Local LAN Address of the Head Office device. Click Add IP Host to create a new IP Host.

    Branch Office Devices
    Policy

    Select policy to be used for Head Office VPN connection. To create a new policy or go to Device Configuration > Configure > VPN > IPSec page.

    Note Select a policy that is compatible with Head Office Policy.
    Local End Point

    Select Local WAN port of the Head Office device from the list.

    Override End Point
    Select to override interface assignment and specify the Default End Point interface for all selected devices. Alternatively, you can create dynamic interfaces for each device. To add more interfaces, click the icon to add more dynamic interfaces.
    Subnet
    Specify Local LAN Subnet for each managed Branch Office device.
  4. Specify Security Information.
    Specify Preshared Key for Head Office and all Branch Office devices.
    Note Preshared Key should be of minimum 5 characters.
  5. Click Finish to save the settings. On completing the VPN Wizard, all IPSec connections will be created. The connections can later be managed from the VPN Wizard main page.