Sophos 18



We are excited to open the Early Access Program (EAP) of XG Firewall v18 to all Sophos customers and partners. This release offers a ton of great new features and innovations:

  • Xstream Architecture delivers extreme new levels of visibility, protection and performance.
  • Threat Intelligence Analysis stops zero-day threats before they get on your network.
  • Top requested features and innovative enhancements make XG Firewall easier to deploy and manage.


Xstream Architecture

One of the highlights of v18 is the new Xstream packet processing architecture. It provides superior high-speed security from the latest threats; uncompromising visibility into encrypted traffic flows; and accelerated performance for your most important traffic.

The new architecture has three major components:

  1. Xstream DPI Engine – Deep packet threat protection for AV, IPS, Web, App Control and SSL Inspection in a single proxy-less streaming engine.
  2. Xstream SSL Inspection – Industry-leading performance, flexibility, and transparency into all SSL/TLS-encrypted traffic, including support for TLS 1.3 across all ports and applications.
  3. Xstream Network Flow FastPath – Automatic and policy-based intelligent offloading of trusted traffic processing at wire speed to ensure your trusted mission-critical traffic is always on the fast path.

Threat Intelligence Analysis

Threat Intelligence Analysis is powered by SophosLabs and our leading deep-learning technology. Using a range of threat modelling techniques to analyze files being downloaded or arriving via email, this feature identifies and stops the latest zero-day threats before they get on the network.

To see the types of files entering the network you can get a quick overview in the form of a visual Threatometer (as shown below) and the full details in a comprehensive report.

Your top requested features

You asked and we listened – XG Firewall v18 also includes your top requested features as well as other innovative enhancements related to SD-WAN, NAT, networking, firewall rule management, notifications and alerts, and much more. Take a look at the full list of features for complete details.

Help shape it

To take part in the program, head over to our Community Forums to get the latest firmware, meet your fellow EAP participants and Sophos staff, and share your feedback.

We look forward to seeing you on the forums.

Overview

This article describes how to configure an IPSec VPN Client to Site connection so that remote VPN users can access the enterprise File Server. Configuration is done on a Sophos XG firewall running firmware version 18.

** For SSL VPN, the client installer is obtained from the User Portal. For IPSec VPN, the installation file is downloaded from the Admin account, and the Admin shares that file with the VPN users so they can install it.

Diagram

Summary of configuration steps

  1. Configure IPSec VPN Client to Site profile on Sophos XG
    1. Create IPSec VPN group
    2. Create IPSec VPN user
    3. Configure profile for IPSec VPN Client
    4. Download and install IPSec VPN Client
    5. Import configuration file to IPSec VPN Client
    6. Create firewall rule to allow communication between IPSec VPN and LAN
  2. Configure NAT Port on Modem or Router
  3. Configure File Server
  4. Results

Configuration details

  1. Configure IPSec VPN Client to Site profile on Sophos XG

Log in to Sophos XG with the Admin account

1.1 Create IPSec VPN group

** Creating a group for IPSec VPN makes it easier for administrators to manage users and to apply policies to user groups according to the needs of the business

  • Authentication -> Choose Group -> Click Add
  • Create IPSec VPN group
    • Group Name: Enter name for IPSec VPN group
    • Surfing Quota: Select the network traffic you want
    • Access Time: Select the access time you want

-> Click Save

1.2 Create IPSec VPN users

  • Authentication -> Choose User -> Click Add
  • Create IPSec VPN users
    • Username: Enter name for VPN user
    • Password: Enter password for IPSec VPN user
    • Email: Enter manager’s email
    • Group: Choose IPSec VPN group which was created before

-> Click Save

1.3 Configure profile for IPSec VPN Client

  • VPN -> Choose Sophos Connect client
  • In General settings
    • Choose Enable
    • In Interface: Choose WAN Port on Sophos XG
    • In Authentication type: Choose Preshared key
    • In Preshared key: Enter your preshared key
    • In Allowed user: Choose IPSec VPN user which was created before
  • In Client information
    • In Name: Enter connection name
    • In Assign IP from: Enter IP range provided for IPSec VPN Client
    • In DNS server 1: Enter your DNS
    • In DNS server 2: Enter your DNS

-> Click Apply -> Click Download to download IPSec VPN installation software -> Click Export connect to download configuration file

1.4 Download and install IPSec VPN Client

  • Extract the installation application file
  • Install SophosConnect.msi
  • Install scadmin.msi
  • Open Sophos Connect Admin -> Click Open to load the profile that was downloaded earlier
  • You can set Target Host to the WAN IP of the Router or Modem

-> Click Save to save profile

** The file is saved with the .scx extension

1.5 Import configuration file to IPSec VPN Client

  • Open Sophos Connect -> Click Import connection -> Choose .scx file

1.6 Create firewall rule to allow communication between IPSec VPN and LAN

  • Rules and Policies -> Click Add Firewall Rule
  • Enter name
  • In Source zones: Choose VPN
  • In Source networks and devices: Choose Any
  • In Destination zones: Choose LAN
  • In Destination networks: Choose LAN network (Local subnet)
  • Choose Match known users
  • In Users and groups: Choose IPSec VPN group which was created before

-> Click Save

2. Configure NAT Port on Modem or Router

  • We will NAT two ports: UDP 500 and UDP 4500


3. Configure File Server

  • Enable file sharing on the File Server and share the folder so that all users, including VPN users, have read and write access to the files

4. Results

  • Make connection IPSec VPN Client to Site by opening the application installed on your computer
  • Check IP address of IPSec VPN Client
  • Access the File Server using its IP address, 172.16.16.19
  • Type 172.16.16.19 in the address bar


-> Done
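
A pre-flight check for the values entered in steps 1.3, 1.6 and 2, added here as an example and not part of the original article or of any Sophos tooling. The function names, the LAN subnet 172.16.16.0/24 and the client pool ranges are assumptions constructed for illustration; only the File Server address and the two UDP ports come from the article.

```python
import ipaddress

# Step 2 forwards these on the modem/router: IKE (UDP 500) and NAT-T (UDP 4500)
REQUIRED_FORWARDS = {("udp", 500), ("udp", 4500)}

def pool_networks(first, last):
    """Expand the 'Assign IP from' range into the CIDR blocks that cover it."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"pool range is reversed: {first} > {last}")
    return list(ipaddress.summarize_address_range(lo, hi))

def check_plan(plan):
    """Return the problems found in a client-to-site VPN plan (empty list = OK)."""
    try:
        pool = pool_networks(*plan["client_pool"])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    lan = ipaddress.ip_network(plan["lan_subnet"])
    server = ipaddress.ip_address(plan["file_server"])
    # Keep the pool separate from the LAN so replies are routed back via the firewall
    if any(net.overlaps(lan) for net in pool):
        problems.append("client pool overlaps the LAN subnet")
    # The rule in step 1.6 only permits VPN zone -> LAN network
    if server not in lan:
        problems.append("file server is outside the LAN destination network")
    for proto, port in sorted(REQUIRED_FORWARDS - set(plan["forwards"])):
        problems.append(f"router does not forward {proto.upper()} {port}")
    return problems

# Constructed sample plans (LAN subnet and pools are assumptions, not from the article)
GOOD_PLAN = {
    "lan_subnet": "172.16.16.0/24",
    "file_server": "172.16.16.19",
    "client_pool": ("10.81.234.5", "10.81.234.55"),
    "forwards": [("udp", 500), ("udp", 4500)],
}
BAD_PLAN = {
    "lan_subnet": "172.16.16.0/24",
    "file_server": "172.16.16.19",
    "client_pool": ("172.16.16.100", "172.16.16.150"),
    "forwards": [("udp", 500)],
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "OK")
```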
