Native Microsoft Azure Site-to-Site VPN
Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.
I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself set up (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then contact Microsoft to validate the Sophos UTM solution. Once the Sophos UTM site-to-site VPN is a validated solution, it should be an automatic script download through the Azure Private/Public portals.
WatchGuard already has this.
We will address this within XG Firewall in one of the upcoming releases.
Kevin Smith commented
We are UTM customers with both Azure and AWS cloud environments. Our Azure site-to-site VPN is completely unreliable while our AWS VPC site-to-site is flawless. Unfortunately we need both and I am forced to entertain looking at alternatives other than SOPHOS.
J B commented
I have clients at the end of their subscription cycle and most of them are looking into alternatives. Also unable to push the XG due to the mental change the clients need to go through. When will this be available in the UTM?
Any Update?? More than 2 years to release this feature??
Sebastian Meyer commented
IKEv2 !!! Dynamic VPN...
Cisco, Juniper and FORTINET support this already!
I am just looking to purchase a Sophos UTM and noticed this request. Annoying as I just spent 20 minutes writing why we should buy a Sophos and now control+a del. We have to have Azure compatibility and silence on this matter isn't accepted as it doesn't inspire confidence that it will ever be implemented. Off to check out Check Point et al.
We are going to have to replace client firewalls with a different brand if this is not implemented very soon!
Thomas Radosh commented
So in March you claim you were evaluating for the next release. Since then there have been a number of releases. Any idea when it will be delivered?
Does anyone here have experience in moving from Sophos to Fortinet's FortiGate?
Please let's see this operational ASAP...
Please can you draw an end to this Mexican standoff - it really is holding up development at our end.
Klaus Schröder commented
Jan, "Under review" since March 5, 2015? This is almost a year after Aaron's request. What did you do in the meantime? Hope that we will not have to wait another year until you start implementing.
How much time do we need to wait for Dynamic Routing on Sophos UTM? I've been waiting for more than 1 year!
Ronny Proft commented
Please bring the Option as soon as possible.
Mark Kleine commented
Good to see some movement on this. We use a number of Azure servers, and have been using a number of tricks to get connected, however, I'd really like to just 'set it, and forget it'<g>.
Aaron Marks commented
Glad to hear that Sophos is planning to implement. Please ensure though that the solution implemented works with Azure's Dynamic Routing. Configuration should be easily accomplished through using a Windows Azure Pack or Azure Native VPN configuration file.
Abby Ahzan commented
All Sophos competitors are already on the list and Azure is very in now so will be great to see Sophos UTM 9.3 add a feature to support this and join the list. We have actually lost some deals on the back of this. https://msdn.microsoft.com/en-us/library/azure/jj156075.aspx#bkmk_VPN_Devics
BrucekConvergent is right: It's quite embarrassing that the Sophos UTM lacks native Azure support.
Jesse P commented
Same thing -- Support dynamic routing
Sophos really needs to get with Microsoft... doesn't look good when all the competitors are listed here: http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx
We should be too!
Just as a side note, Static Routing VPN works fine. What does not work at all is the Dynamic Routing VPN. This is essential to connect multiple branch offices to Azure. I believe the problem is that UTM still uses the rather old pluto daemon. It will need the charon daemon to support IKEv2 and thus dynamic routing VPNs.