Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall v18 MR-3: Feedback and experiences

Hi all,

Shall we start this new thread with the looks and feels of XG v18 MR-3?

community.sophos.com/.../xg-firewall-v18-mr3



This thread was automatically locked due to age.
Parents
  • Hello, Im running v18 MR-3 over 5 days and Im having a seirous problem.

    Currently we have a Ipsec tunnel established and working.

    I have created a SDWAN rule to direct my traffic to internet using my WAN interface

    and I have configured the route precedence to  

    Routing Precedence:
    1. VPN routes
    2. Static routes
    3. SD-WAN policy routes

    The traffic From HO to Bo over ipsec interface it works correctly, but in random momments some hosts from BO Lan when try access hosts to HO Lan has the access interruped.

    With a little troubleshooting I could check that in this momment the Hosts from BO try access the hosts to HO over WAN interface, even the ipsec tunnel is UP and other hosts from the same subnet BO LAN is working over IPSEC tunnel.

    It seems that route precedence sotp to works and redicrect the traffic over SDWAN rule. 

    Does someone has any experience like this!?

    Regards

    Carlos

  • Hi Carlos,

    We will try to reproduce the problem in our lab. In the mean time, could you please upload the config on HO and BO here ? Or if you could share the access to your device, we will debug the issue.

  • on the remote Firewall check the routes with route -e and on advanced console with console> system ipsec_route show

    we have a case open where the routes into the tunnel are not visible and the XG does not know that the network is behind ipsec0 virtual interface. although on Web GUI in Diagnostics - Route lookup it lists the correct gateway.

  • Hi .

    Thanks by reply, I just check  system ipsec_route show and the information are not visible

    But only for information, we have a devices running with v18 MR1, with the same configs related.

    Ipsec + SDWAn rules and it is working as expect. But checking it now, I cannot see the ipsec routes too.

    regards

    Carlos

  • Those cish ipsec_routes are "manually configured routes". Not the basic SA routes.

    Please check the #ipsec status

    __________________________________________________________________________________________________________________

Reply Children