Sophos Pfsense



My go-to firewall when one is needed. No muss or fuss when compared to a Cisco, Juniper or other less worthwhile competitors... The stability, longevity and overall security of these systems (when you know what you're doing) is second to none. Every system update adds another fix or feature with no empty mess in between. Every iteration makes things more and more useful and simple for the most part! Hard to get any better QoS control than the traffic shaping tab in PFS. Will run on just about anything, and if you have a gig card in it, game over, you just got a firewall that is unbeatable, and unless you break it yourself, hardware failure is going to be your only downtime!

Sophos is Sophos, which has a UTM offering for home users, presumably so that you try it out commercially. OPNsense is a UTM as well, especially if you add the Sensei plugin. It has a firewall, WAF, spam protection, malware scanning etc., if you use and combine the plugins correctly. Sadly, not everything can be combined.

This article explains how to configure an IPSec site-to-site VPN between a Sophos XG firewall and a Pfsense firewall.

PfSense is a great product, but treat it like a firewall, and the big bonus is it's free. It's great at what it does. Sophos UTM, on the other hand, can be a beast as it's an all-in-one solution and can get as complex as you would like it. We have failover clustering, load balancing and make use of all of their proxies. PfSense has a tool called 'p0f' which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you. PfSense is an excellent load balancer (Multi-WAN and Server Load Balancing); the fail-over/aggregation works very well. Both pfsense and Astaro are running NAT, but aren't behind NAT. I tried playing with that setting in a few different ways. Anytime I change the VPN ID the tunnel dies until I set the peer address to that same IP on the pfsense side. PfSense - An open source firewall/router computer software distribution. Sophos - Human-engineered, AI-powered cybersecurity protection for your business and home.

This article's configuration follows the diagram below:

How to configure

Configure on Sophos XG

Step 1: Create the Local and Remote networks for the XG device

  • Log in to Sophos XG with the Admin account
  • Hosts and Services -> IP Host -> Click Add
  • Create Local Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Enter the internal network

-> Click Save

  • Create Remote Network
  • Enter name
  • Choose IPv4
  • Choose Network
  • In IP address -> Enter the remote network

-> Click Save

Step 2: Create IPSec connection on Sophos XG

  • VPN -> IPSec connections -> Click Wizard
  • Enter name
  • Click Start
  • Choose Site To Site
  • Choose IKEv2
  • Click >
  • Choose Preshared key
  • Enter Preshared key (used on both sites)
  • Click >
  • Choose the WAN port of Sophos XG
  • Choose the Local Network created earlier
  • Click >
  • Enter the WAN IP of Pfsense
  • Choose the Remote Network created earlier
  • Click >
  • Choose Disabled
  • Click >
  • Click Finish
  • Click Active

Configure on the Pfsense firewall

Step 3: Create IPSec connection on Pfsense (P1)

  • Log in to the Pfsense firewall with the Admin account
  • VPN -> IPSec -> Click Add P1
  • In Key Exchange version: Choose IKEv2 (same as Sophos)
  • In Internet Protocol: Choose IPv4
  • In Interface: Choose WAN
  • In Remote Gateway: Enter the WAN IP of Sophos

  • In Authentication Method: Choose Mutual PSK
  • In Pre-Shared Key: Enter the same Preshared key as on Sophos
  • In Encryption Algorithm: Choose AES -> 256 bits -> SHA256 -> DH group 14 (2048 bit)
  • In Lifetime (Seconds): Enter 3600

-> Click Save

Step 4: Create IPSec connection (P2)

  • In Local Network: Choose LAN subnet
  • In Remote Network: Enter the local network of Sophos
  • In Protocol: Choose ESP
  • In Encryption Algorithms: Choose AES -> 256 bits (same as Sophos)
  • In Hash Algorithms: Choose SHA256

-> Click Save

Step 5: Create a firewall rule in Sophos to allow the VPN and LAN networks to connect to each other

Step 6: Click Connection to finish

Create a firewall rule on Pfsense to finish
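The steps above only work when both ends agree on the proposal and mirror each other's networks. The following Python check is an added example, not part of the original article or of either product: it compares the two sides' settings before you click Connection. The dictionary layout, the function name check_tunnel and all addresses are assumptions made for illustration (the addresses are constructed documentation/private ranges), and the overlap check goes slightly beyond what the article states.

```python
import ipaddress

# Constructed sample values (assumptions): the article does not give addresses.
SOPHOS_XG = {
    "ike_version": "IKEv2", "auth": "psk",
    "p1": {"encryption": "AES-256", "hash": "SHA256", "dh_group": 14},
    "p2": {"protocol": "ESP", "encryption": "AES-256", "hash": "SHA256"},
    "wan_ip": "198.51.100.10", "peer_ip": "203.0.113.20",
    "local_net": "10.10.1.0/24", "remote_net": "10.20.2.0/24",
}
PFSENSE = {
    "ike_version": "IKEv2", "auth": "psk",
    "p1": {"encryption": "AES-256", "hash": "SHA256", "dh_group": 14},
    "p2": {"protocol": "ESP", "encryption": "AES-256", "hash": "SHA256"},
    "wan_ip": "203.0.113.20", "peer_ip": "198.51.100.10",
    "local_net": "10.20.2.0/24", "remote_net": "10.10.1.0/24",
}

def check_tunnel(a, b):
    """Return a list of configuration problems between the two tunnel ends."""
    problems = []
    # IKE version and authentication method must be identical on both sides.
    for key in ("ike_version", "auth"):
        if a[key] != b[key]:
            problems.append(f"{key}: {a[key]} != {b[key]}")
    # Phase 1 (IKE) and phase 2 (ESP) proposals must match field by field.
    for phase in ("p1", "p2"):
        for field, value in a[phase].items():
            if b[phase].get(field) != value:
                problems.append(f"{phase}.{field}: {value} != {b[phase].get(field)}")
    for x, y, name in ((a, b, "a"), (b, a, "b")):
        # Each side's remote gateway must be the other side's WAN address.
        if ipaddress.ip_address(x["peer_ip"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append(f"peer_ip of side {name} is not the other side's WAN IP")
        # Networks must mirror: my local network is the peer's remote network.
        if ipaddress.ip_network(x["local_net"]) != ipaddress.ip_network(y["remote_net"]):
            problems.append(f"local_net of side {name} != remote_net of the peer")
    # Overlapping LANs cannot be routed through the tunnel without NAT.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local networks overlap")
    return problems

if __name__ == "__main__":
    for line in check_tunnel(SOPHOS_XG, PFSENSE) or ["all parameters match"]:
        print(line)
```

The pre-shared key is deliberately left out of the dictionaries so that it is never stored next to the rest of the settings; compare it separately.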

** If you have difficulty configuring Sophos products in Vietnam, please contact us:

Hotline: 02862711677

Email: info@thegioifirewall.com
