Sophos UTM: How to create an IPsec connection to Microsoft Azure Sophos UTM: How to tunnel between two UTMs which use the same LAN network range Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues. Sophos could do well to bring the first fully supported UTM which also happens to align in features to TMG. I see endless possible solutions for a UTM solution in Azure cloud. I also have tried to upload the UTM image to Azure but could not get it to work. In Sophos Central, in the left-hand pane, select Settings. On the Settings page, under Administration, select Azure AD Sync Settings/Status. On the Azure Sync Settings/Status page, select Edit. In the Edit Azure AD Sync dialog box, enter the following information, which you obtained when you set up your Azure applications. See full list on community.sophos.com.
1. Preparation
Sophos UTM can connect with Microsoft Azure, site to site VPN in Static routing VPN Gateway.
The basic requirement is in below table:
The table below lists the requirements for both static and dynamic VPN gateways.
| Property | Static Routing VPN gateway | Dynamic Routing VPN gateway | High Performance VPN gateway |
| Site-to-Site connectivity (S2S) | Policy-based VPN configuration | Route-based VPN configuration | Route-based VPN configuration |
| Point-to-Site connectivity (P2S) | Not supported | Supported (Can coexist with site-to-site connectivity) | Supported (Can coexist with site-to-site connectivity) |
| Authentication method | Pre-shared key |
|
|
| Maximum Number of Site-to-Site (S2S) connections | 1 | 10 | 30 |
| Maximum Number of Point-to-Site (P2S) connections | Not supported | 128 | 128 |
| Active Routing Support (BGP) | Not supported | Not supported | Not supported |
Note that for the remainder of this page, the specifications for High Performance VPN gateway and Dynamic Routing VPN gateway are the same unless otherwise noted. For example, the validated VPN devices that are compatible with Azure Dynamic Routing VPN gateways will also be compatible with the new Azure High Performance VPN gateway.
Microsoft Document:
2. Configuration in Microsoft Azure
2.1. Log in to the Management Portal.
2.2. Network Services
In the lower left-hand corner of the screen, click New. In the navigation pane, click Network Services, and then click Virtual Network. Click Custom Create to begin the configuration wizard.
2.3. Virtual Network Details
On the Virtual Network Details page, enter the information below. For more information about the settings on the details page, see the Virtual Network Details page.
- Name – Name your virtual network. For example, EastUSVNet. You’ll use this virtual network name when you deploy your VMs and PaaS instances, so you may not want to make the name too complicated.
- Location – The location is directly related to the physical location (region) where you want your resources (VMs) to reside. For example, if you want the VMs that you deploy to this virtual network to be physically located in East US, select that location. You can’t change the region associated with your virtual network after you create it.
2.4. DNS Servers and VPN Connectivity
· DNS Server and IP: optional
· Check: Configure Site-To-Site VPN
2.5. Site-To-Site Connectivity
· Name: Name of local Network site
· VPN Device IP Address: Public IP Address of Sophos UTM
· Address Space: Subnet of Sophos UTM local network, which want to connect with Microsoft Azure. Multi subnet is allowed
2.6. Virtual Network Address Spaces
The subnet of Microsoft Azure Network:
· Address Space – including Starting IP and Address Count. Verify that the address spaces you specify don’t overlap any of the address spaces that you have on your on-premises network.
· Add subnet – including Starting IP and Address Count. Additional subnets are not required, but you may want to create a separate subnet for VMs that will have static DIPS. Or you might want to have your VMs in a subnet that is separate from your other role instances.
· Add gateway subnet – Click to add the gateway subnet. The gateway subnet is used only for the virtual network gateway and is required for this configuration.
2.7. Complete
Click the checkmark on the bottom of the page and your virtual network will begin to create. When it completes, you will see Created listed under Status on the Networks page in the Management Portal.
2.8. Go to Dashboard
· Create NEW Gateway
· Choose Static Gateway
2.9. Get the Gateway IP Address
· See the Microsoft Azure Gateway IP Address after create gateway successful.
2.10. Create the Preshare key
· Create the key, copy to paste to Sophos UTM configuration
3. Configuration the Sophos UTM
3.1. Add Remote Gateway
Go to Site-to-Site VPN -> IPSec -> Remote Gateway -> New Remote Gateway
3.2. Create New IPSec Policy
Note: IPSec PFS: None
3.3. Create new IPSec Connection:
· Remote gateway: Microsoft Azure
· Local Interface: WAN (which has the IP address in step above)
· Policy: Azure (create above)
· Local Network: 172.16.17.0/24 (create in step)
3.4. Enable Connection and Connect
See in Sophos UTM:
SOPHOS UTM: Use Azure MFA For SSLVPN And Userportal ...
See in Microsoft Azure