Native Microsoft Azure Site-to-Site VPN
Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.
I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself set up (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then contact Microsoft to validate the Sophos UTM solution. Once the Sophos UTM site-to-site VPN is a validated solution, it should be an automatic script download through the Azure Private/Public portals.
WatchGuard already has this.
We are closely evaluating options for one of the next releases.
Ronny Proft commented
Please bring the option as soon as possible.
Mark Kleine commented
Good to see some movement on this. We use a number of Azure servers, and have been using a number of tricks to get connected, however, I'd really like to just 'set it, and forget it'<g>.
Glad to hear that Sophos is planning to implement. Please ensure though that the solution implemented works with Azure's Dynamic Routing. Configuration should be easily accomplished through using a Windows Azure Pack or Azure Native VPN configuration file.
Abby Ahzan commented
All Sophos competitors are already on the list, and Azure is very in now, so it will be great to see Sophos UTM 9.3 add a feature to support this and join the list. We have actually lost some deals on the back of this. https://msdn.microsoft.com/en-us/library/azure/jj156075.aspx#bkmk_VPN_Devics
BrucekConvergent is right: It's quite embarrassing that the Sophos UTM lacks native Azure support.
Jesse P commented
Same thing -- Support dynamic routing
Sophos really needs to get with Microsoft... doesn't look good when all the competitors are listed here: http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx
We should be too!
Just as a side note, Static Routing VPN works fine. What does not work at all is the Dynamic Routing VPN. This is essential to connect multiple branch offices to Azure. I believe the problem is that UTM still uses the rather old pluto daemon. It will need the charon daemon to support IKEv2 and thus dynamic routing VPNs.
And here are the basics on Microsoft's Hybrid Networking with an overview of site-to-site VPN connectivity: http://blogs.technet.com/b/in_the_cloud/archive/2014/03/14/success-with-hybrid-cloud-getting-deep-hybrid-networking.aspx
Here are all the details on Microsoft's BGP implementation: http://blogs.technet.com/b/networking/archive/2013/10/11/border-gateway-protocol-bgp-with-windows-server-2012-r2.aspx