Sophos Utm Wireguard



Trying to get WireGuard going as a VPN option, and we're able to get to the subnet local to the server, but it seems like the XG won't route the traffic over the s2s VPNs. I've got the WireGuard subnet set up in the XG and assigned to the tunnel, but any tracert shows the wg server, then the Sophos IP, and then just a bunch of timeouts.

Available with Sophos XG Firewall, UTM, Web Appliance, and Secure Email Gateway, Sophos Sandstorm uses next-gen, cloud-sandbox technology to give your organization an extra layer of security against evasive threats like ransomware and zero-day malware disguised as executables, PDFs, and Microsoft Office documents.

There's no 'big company' in the NGFW market that already implemented WireGuard, so don't create any expectations on it. And considering Sophos is using an OpenVPN version from 2015 with TLSv1 support, well, you shouldn't have any hope on this.

Hi There,

With SSL VPN in Sophos UTM, the user will require any additional log-in in the client software, and it does require a profile to be downloaded from the User Portal once, or after any changes in the SSL VPN profile configuration. You may look into the possibility of using the Sophos Connect Client VPN, which uses IPsec. Refer to this KBA: https://community.sophos.com/kb/en-us/134050

Regarding publishing an MS SSTP server, you can do it by configuring the relevant DNAT rules on Sophos UTM to point to the internal MS SSTP server.

Regards,
^JG