Assistance setting up site-site connection (IPsec VPN) on Sophos XG FW

Marco Rossouw 25 Reputation points
2024-03-07T16:47:53.8066667+00:00

Hi Everyone,

I need assistance setting up a site-to-Azure VPN connection. On-site we have a Sophos XG firewall, and I have created a virtual network gateway on Azure as well as a local gateway device, which have been linked in a Connection that I created in the VNG. My issue is now the following: I need the IP address assigned to the connection once it has been deployed and updated successfully, which is downloaded as a general device config file according to the Sophos community. Unfortunately, my connection update fails in Azure, which in turn means I am not able to download the config file, from which I need to get the IP address that I need to set up in the on-prem FW setup for the site-to-site connection.

The health status that I am getting indicates the following:

User's image

Am I missing something somewhere, or can someone maybe point me in the correct direction to resolve this? Please let me know what other information I can supply.

Azure VPN Gateway

Accepted answer
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2024-03-08T07:44:16.0033333+00:00

    Hello @Marco Rossouw ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are trying to set up a site-site connection (IPSEC vpn) between Azure VPN gateway and your on-premises Sophos XG Firewall device and would need some help in finding the IP address which needs to be configured in the on-premises firewall setup for the site-site connection.

    You can refer to the below configuration guide from Sophos, which shows how to establish a Site-to-Site IPsec VPN to Microsoft Azure:

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/118402/sophos-firewall-how-to-establish-a-site-to-site-ipsec-vpn-to-microsoft-azure-v17-x

    This is taken from the below Azure VPN documentation:

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable

    You can download the configuration script from Azure portal from the Overview page of the Connection (You need to go to the Connection object directly to find the download configuration option):

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-download-vpndevicescript#download-the-configuration-script-from-azure-portal

    And to answer your question "from where I need to get the ip address that I need to setup in the on-prem fw setup for the site - site connection":

    You need to get the IP address of the Azure VPN gateway to add that in the on-premises firewall.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

