Sophos XG Firewall SSL Site-to-Site

Is it possible to create a site-to-site SSL VPN between XG Firewall and, for example, Mikrotik? Or do I need Sophos on both sides?

Generally no - SSL site-to-site implementations from most vendors are proprietary to that vendor. SSL is just a protocol and doesn’t speak to VPN implementations.

As others have said, you could do IPsec though, which is a common VPN standard.

I’m not too sure on SSL, but IPSec S2S will definitely work. SSL should too in theory.

With IPSec, probably. I haven’t done Sophos to Mikrotik before, but I have done Sophos to three or four other brands, Watchguard to other brands, Sonicwall to other brands, etc. The protocol is the same on both ends, you’ll just have to fiddle with the connection settings until you get it up.

No, Sophos only. The SSL VPN on Sophos XG is a file you download & upload to whichever side - create config on one side, download the config, upload on the other. It’s more of a pain than just doing it manually IMO. Just use IPSec.

Thanks. Someone told me that IPsec only works with a fixed IP.
I have a dynamic IP on one of the two sides.

That is incorrect, static IP is not required. Personally, I use dyndns in that scenario and it works fine. $25 annually.

I have a dynamic IP on one of the two sides

Hi /u/grijander99,

Linking this KBA for your reference

IPsec should work, however you will need to configure the site with the static IP to respond only - note that the remote gateway IP will be any (*).

Then configure the site with the dynamic IP to initiate the connection.