Contents x
    Setting up site-to-site on Sophos XG
    • 1 Minute to read
      Contents

      Setting up site-to-site on Sophos XG

      • 1 Minute to read
        Article summary

        Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

        Configuring at the Sophos XG Interface

        1. Go to the Sophos XG interface and add a local and remote LAN

        2. Go to Hosts and Services > IP Host and select Add to create the local LAN

        01 Setting up site-to-site on Sophos XG.png

        1. Go to Hosts and Services > IP Host and select Add to create the NordLayer LAN (10.6.0.0/20)

        02 Setting up site-to-site on Sophos XG.png

        1. Create an IPsec VPN connection

        2. Go to VPN > IPsec Connections and select Wizard.

        03 Setting up site-to-site on Sophos XG.png

        1. Give it a name and description

        04 Setting up site-to-site on Sophos XG.png

        1. Click Start to follow the wizard

        05 Setting up site-to-site on Sophos XG.png

        1. Select Site To Site as a connection type and select Head Office

        06 Setting up site-to-site on Sophos XG.png

        1. Set the Authentication Type to preshared key (generate this value as we will also need this value on our end)

        07 Setting up site-to-site on Sophos XG.png

        1. Enter details for the local network, including the local WAN port, IP version, local subnet, and local ID

        08 Setting up site-to-site on Sophos XG.png

        1. Enter details for the remote network, including the remote VPN server, IP version, and remote subnet (10.6.0.0/20, or as displayed NordLayer_LAN)

        09 Setting up site-to-site on Sophos XG.png

        1. In the User Authentication Mode field, choose Disabled

        2. Review the IPsec connection summary and click Finish

        3. Click the Status (Active) to activate the connection

        10 Setting up site-to-site on Sophos XG.png

        1. Add two firewall rules allowing VPN traffic

        2. Go to Firewall and click +Add Firewall Rule

        11 Setting up site-to-site on Sophos XG.png

        1. Create two user/network rules as shown below

        First Rule:

        12 Setting up site-to-site on Sophos XG.png

        13 Setting up site-to-site on Sophos XG.png

        14 Setting up site-to-site on Sophos XG.png

        Click Save.

        Second Rule:

        15 Setting up site-to-site on Sophos XG.png

        16 Setting up site-to-site on Sophos XG.png

        17 Setting up site-to-site on Sophos XG.png

        Click Save.

        Ending note:

        In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel:

        • Pre-shared key - you can generate it or we can provide it
        • Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
        • Remote gateway/router public IP (must be reachable while connected to the server with a dedicated IP)
        • Remote subnet and mask (the subnet is used in your local network)

        Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.

        Was this article helpful?
        What's Next