
SD-WAN policies my experience so far

Hi folks,

I have been experimenting with the SD-WAN policies since yesterday after Luk and Lucar kindly explained what I was doing wrong.

So far

1/. 1 policy working

2/. many attempts at creating two new policies covering different rules failed.

I had to do a restore after I broke something, not sure what.

What I have found is that the SD-WAN policies do not know how to handle ports like 8000, 5222. The SD-WAN policies do not have a problem handling HTTPS, HTTP and SIP.

If I delete the SD-WAN policy for 8000 and set up a linked NAT, traffic resumes; the same goes for the 5222 firewall rule.

Thoughts and suggestions. Am I expecting too much?

Ian



  • Hi Ian,

     

    I cannot follow you.

    Maybe let's spend some time on SD-WAN Handling.

    Basically, SD-WAN will hit right before the packet is about to leave the interface.

    So everything already took place.

    Only SNAT will be applied afterwards. 

    I am confused that your setup is working with a linked NAT and not a default NAT?

     

    Maybe take a look at the conntrack on the CLI to find the matching SD-WAN policy. 
