
Route-based IPsec site-to-site VPN


One of the great new features in XG Firewall v18 that we covered in Part 3 of this series is the new SD-WAN application and user-/group-based link selection capabilities. In this article, we’ll review how you can take advantage of those as a part of another new feature in XG Firewall v18: route-based IPsec VPN.

Route-based IPsec (RBVPN) in XG Firewall v18 enables truly dynamic IPsec site-to-site VPN tunnels. With RBVPN, network topology changes don’t impact VPN policy and you no longer need to modify VPN policies if networks are added or removed from your environment. This greatly simplifies VPN policy creation and management, especially in larger and more dynamic environments.

RBVPN provides full control over routing, with support for static, dynamic (OSPF, BGP, RIP) and SD-WAN policy-based routes alongside RBVPN policies. The RBVPN implementation in XG Firewall v18 also provides the flexibility to set up more complex network address translation, such as VPN NAT overlap scenarios, using the new NAT rule configuration.
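The difference described above, as an added sketch (not Sophos code and not XG Firewall's implementation): a policy-based tunnel matches packets against fixed traffic selectors, while a route-based tunnel encrypts whatever the routing table sends to the tunnel interface. The interface names, subnets and function names are constructed for illustration.

```python
import ipaddress

TUNNEL_IF = "tunnel1"   # hypothetical name for the route-based tunnel interface
WAN_IF = "wan1"         # hypothetical name for the Internet-facing interface

def policy_based_decision(dst, selectors):
    """Policy-based IPsec: protect a packet only if its destination matches
    one of the remote subnets written into the VPN policy."""
    ip = ipaddress.ip_address(dst)
    return "ipsec" if any(ip in ipaddress.ip_network(s) for s in selectors) else "no-match"

def route_based_decision(dst, routes):
    """Route-based IPsec: longest-prefix match picks the egress interface;
    anything routed to the tunnel interface is encrypted."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return "unroutable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outside_tunnel(routes, internal_dests, tunnel_if=TUNNEL_IF):
    """Audit check: internal destinations that would not enter the tunnel."""
    return [d for d in internal_dests if route_based_decision(d, routes) != tunnel_if]

# Constructed scenario: the remote site starts with 10.2.0.0/24 and later adds 10.3.0.0/24.
SELECTORS = ["10.2.0.0/24"]
ROUTES_BEFORE = [("0.0.0.0/0", WAN_IF), ("10.2.0.0/24", TUNNEL_IF)]
# Only the routing table changes (static route, or learned via OSPF/BGP);
# the tunnel definition itself is untouched.
ROUTES_AFTER = ROUTES_BEFORE + [("10.3.0.0/24", TUNNEL_IF)]
INTERNAL = ["10.2.0.5", "10.3.0.10"]

if __name__ == "__main__":
    print(policy_based_decision("10.3.0.10", SELECTORS))
    print(route_based_decision("10.3.0.10", ROUTES_BEFORE))
    print(route_based_decision("10.3.0.10", ROUTES_AFTER))
    print(outside_tunnel(ROUTES_BEFORE, INTERNAL))
    print(outside_tunnel(ROUTES_AFTER, INTERNAL))
```

In this model a missing route sends the packet along the default route, outside the tunnel, so checking that every internal prefix resolves to the tunnel interface is a useful audit after each topology change.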

XG Firewall v18 also supports RBVPN tunnel interfaces in SD-WAN policy-based routes, so that IPsec and MPLS can co-exist with SD-WAN. This makes it possible for IPsec and MPLS (even on a non-WAN zone) to both be active at the same time, with options for load balancing on VPN tunnels as well.

RBVPN is a well-accepted industry standard and interoperates nicely with other vendors’ route-based VPN tunnels, making it easier to tunnel to Azure/AWS and other cloud providers. Ultimately, route-based VPN is the preferred choice for today’s dynamic networks.


Making the most of route-based IPsec VPN tunnels in XG Firewall

This video provides a great detailed look at how to set up route-based VPN in XG Firewall v18: https://vimeo.com/391630434#embed

Then, you can take full advantage of the new Synchronized SD-WAN policy-based routing for your VPN traffic, with options for user, group, application, and even Synchronized Application Control-discovered app-based routing for your route-based VPN.


Making the most of NAT in XG Firewall v18

The new NAT capabilities are both powerful and easy to use. For example, creating a port forwarding or DNAT rule has never been easier, thanks to the new server access assistant wizard.


Synchronized SD-WAN leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and XG Firewall. Synchronized Application Control can positively identify 100% of all networked applications, including evasive, encrypted, obscure, and custom applications – and now these previously unidentified applications can also be added to SD-WAN and VPN routing. This provides a level of application routing control and reliability that other firewalls can’t match.

To use Synchronized Application Control-discovered apps in your routing, select “Synchronized Application Control” from the Technology drop-down box when creating an application object for SD-WAN or VPN routing to see all the relevant applications.

Source: https://news.sophos.com/
