Hello everyone,
I am using the Sophos XG (Home) v18.5 firewall router with 2 WAN lines running load balance. Now that I look forward to setting up a VPN profile for remote administration, I want this VPN connectivity to be accessible even if my WAN IP changes suddenly (e.g. failover).
The Sophos XG Firewall supports several types of VPN; I am looking at the possibility of deploying an SSL VPN using the TCP protocol for its ease of use and commonality. Will this work for me? If not, what other kinds of VPN or configurations will? Also, do I need a DDNS account in order for this firewall to broadcast my WAN IP to the VPN connection in case of failover?
Thank you in advance.
Both your WAN addresses should be in your SSL VPN config by default. I would recommend going for a dynamic DNS service on both of your WAN links. You can configure the port and the desired protocol (TCP or UDP) in the general settings.
I have two profiles + Sophos Connect.
Set up the connection to one WAN port and import the config file, then edit the config file with Notepad, find and replace the WAN IP with the alternate, rename and import.
For corporate users I have it set up using DNS through AT&T, but that is a manual process to change when failover occurs.
I look forward to the procedure to add DDNS providers manually. I like FreeMyIP so much. How did you add AT&T in?
Our IPs that relate to VPNs are all static. We have DNS service through AT&T; I can go on one of their sites and change DNS entries and it populates over the web in 5-30 minutes.
DDNS sucks for this. Customer should probably cough up the $ for statics (not too pricey).
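
The find-and-replace step described in the thread (building a second profile that points at the alternate WAN IP), as an added example that is not part of any post. It assumes the exported profile is plain text containing the first WAN IP as an IPv4 address; the sample profile, the addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of an exported profile (OpenVPN-style text; addresses are
# from the documentation ranges, not from the thread).
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote 203.0.113.10 8443
# note: 203.0.113.100 is a different host and must stay untouched
"""


def make_alternate_profile(text, primary_ip, alternate_ip):
    """Return (new_text, count) with primary_ip swapped for alternate_ip.

    Only whole IPv4 addresses are replaced, so 203.0.113.10 does not match
    inside 203.0.113.100. Raises ValueError on malformed addresses or when
    nothing matched, which would otherwise yield a silent copy of profile 1.
    """
    old = ipaddress.IPv4Address(primary_ip)     # ValueError if malformed
    new = ipaddress.IPv4Address(alternate_ip)
    if old == new:
        raise ValueError("primary and alternate address are identical")
    # Reject matches that are part of a longer dotted number on either side.
    pattern = re.compile(r"(?<![\d.])" + re.escape(str(old)) + r"(?!\d|\.\d)")
    new_text, count = pattern.subn(str(new), text)
    if count == 0:
        raise ValueError(f"{old} not found in profile")
    return new_text, count


if __name__ == "__main__":
    alt, n = make_alternate_profile(SAMPLE_PROFILE, "203.0.113.10", "198.51.100.20")
    print(f"replaced {n} occurrence(s)")
    print(alt)
```

Save the returned text under a new file name before importing it, so the two profiles stay distinguishable in the client.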