Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall v18 MR-3: Feedback and experiences

Hi all,

Shall we start this new thread with the looks and feels of XG v18 MR-3?

community.sophos.com/.../xg-firewall-v18-mr3



This thread was automatically locked due to age.
Parents
  • Hello, Im running v18 MR-3 over 5 days and Im having a seirous problem.

    Currently we have a Ipsec tunnel established and working.

    I have created a SDWAN rule to direct my traffic to internet using my WAN interface

    and I have configured the route precedence to  

    Routing Precedence:
    1. VPN routes
    2. Static routes
    3. SD-WAN policy routes

    The traffic From HO to Bo over ipsec interface it works correctly, but in random momments some hosts from BO Lan when try access hosts to HO Lan has the access interruped.

    With a little troubleshooting I could check that in this momment the Hosts from BO try access the hosts to HO over WAN interface, even the ipsec tunnel is UP and other hosts from the same subnet BO LAN is working over IPSEC tunnel.

    It seems that route precedence sotp to works and redicrect the traffic over SDWAN rule. 

    Does someone has any experience like this!?

    Regards

    Carlos

  • Unlikely this is caused by the routing precedence. Instead the Policies of the Ipsec routes are a. deleted or b. the SA is dead. 

    Hence XG will use the routing precedence. 

    I would expect, that the VPN SA dies somehow. Thats kinda frequently seen issue, if there are problems with the tunnel itself. 

    __________________________________________________________________________________________________________________

  • Hi , thanks by reply.

    I believe that Ipsec routes are not deleted, because the problem does not happen with all network and yes with some hosts.

    Eg. Host 1 from BO has this problema while Host 2 from BO continue to usage VPN without problem.

    In this moment I have disabled the SDWAN rule and the problem it seems does not happen. Im still try identify where is the cause.

    Regards

    Carlos

Reply
  • Hi , thanks by reply.

    I believe that Ipsec routes are not deleted, because the problem does not happen with all network and yes with some hosts.

    Eg. Host 1 from BO has this problema while Host 2 from BO continue to usage VPN without problem.

    In this moment I have disabled the SDWAN rule and the problem it seems does not happen. Im still try identify where is the cause.

    Regards

    Carlos

Children
No Data