Hi all,
Shall we start this new thread with the looks and feels of XG v18 MR-3?
community.sophos.com/.../xg-firewall-v18-mr3
Hello, I'm running v18 MR-3 for over 5 days and I'm having a serious problem.
Currently we have an IPsec tunnel established and working.
I have created an SD-WAN rule to direct my traffic to the internet using my WAN interface
and I have configured the route precedence to
Routing Precedence:
1. VPN routes
2. Static routes
3. SD-WAN policy routes
The traffic from HO to BO over the IPsec interface works correctly, but at random moments some hosts from the BO LAN, when they try to access hosts on the HO LAN, have the access interrupted.
With a little troubleshooting I could check that at this moment the hosts from BO try to access the hosts at HO over the WAN interface, even though the IPsec tunnel is UP and other hosts from the same BO LAN subnet are working over the IPsec tunnel.
It seems that route precedence stops working and redirects the traffic over the SD-WAN rule.
Does anyone have any experience like this!?
Regards
Carlos
Unlikely this is caused by the routing precedence. Instead, the policies of the IPsec routes are a. deleted or b. the SA is dead.
Hence XG will use the routing precedence.
I would expect that the VPN SA dies somehow. That's a kind of frequently seen issue if there are problems with the tunnel itself.
__________________________________________________________________________________________________________________
Hi LuCar Toni, thanks for the reply.
I believe that the IPsec routes are not deleted, because the problem does not happen with the whole network, but only with some hosts.
E.g. Host 1 from BO has this problem while Host 2 from BO continues to use the VPN without problems.
At this moment I have disabled the SD-WAN rule and it seems the problem does not happen. I'm still trying to identify where the cause is.
Regards
Carlos