Brainstorming for multi-site LAN (local), WAN (w/IPsec VPN), LAN (Metro Ethernet) setup

Question

Hello, 
 Sorry if this is a bit broad, but just need a nudge in the right direction. 
 Struggling with how to utilize Metro Ethernet as an SD-WAN path for RO WAN traffic through HO, and if it is even possible. 
 Also, similar issue, how to approach using IPsec failover for local LAN traffic in the event Metro Ethernet is down. 
 All sites at v18-EAP3. 
 Goals are: 
 
 To provide failover for LAN and WAN traffic at remotes using IPsec and HO WAN 
 To provide load balancing for LAN traffic at ROs to HO 
 
 Current schema: 
 
 Network LAN traffic is passing over Metro Ethernet to Head Office fine, with OSPF configured and working for 13 RO subnets. 
 Local internet traffic is passing over local internet interfaces. 
 
 Remote Offices 
 Port 1 &ndash; LAN (local networks) 192.168.x.x 
 Port 2 &ndash; WAN (internet and testing IPsec VPN to HO) 
 Port 4 &ndash; LAN (Metro Ethernet handoff) 172.30.255.x 
 
 Head Office 
 Port 1 &ndash; LAN (local networks) 
 Port 2 &ndash; WAN (HO internet, and planned backup internet for ROs) 192.168.x.x 
 Port 3 &ndash; DMZ 
 Port 4 &ndash; LAN (Metro Ethernet handoff) 172.30.255.x 
 Port 5 &ndash; WAN (testing IPsec VPN to ROs) 
 
 Thanks, 
 Paul

Keyur · Accepted Answer

Hi Paul Warriner I would request you to post your question/queries to Sophos XG EAP forum using the thread- https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/b/blog/posts/sophos-xg-firewall-v18-eap-3-firmware-has-been-released 
 This is a dedicated forum for v18 and it's related content, Sophos and fellow community members will help you further.