Routing qestion

Question

Hello, 
 short question. I am fairly new to Sophos XG. I come from Sonicwalls and I am trying to enter a normal route where traffic from Any source going to LAN 192.168.1.0/24 should go through a certain gateway (Coreswitch). 
 
 The normal static routing just gives me the possibility to route a network through a certain gateway. Thats just outbound. But what about inbound traffic coming to that network hitting the FW. I want to specify through which gateway incoming traffic should be routed to 
 I created some SD WAN routes but I am not sure if this is the way it should be. I also do not enter any DSCP marking. Dont know if that has any effect on the beahviour of the XG. 
 
 Should a SD WAN route also work as a normal route within Sophos? What do you guys suggest? I dont want to create a FW setting the Gateway as I dont want to allow any traffic coming to the network. 
 
 Thanks!

BeEf · Answer

To be honest I don't completely know what you want and a diagramm (=picture) of the devices, networks, gatway and services and zones like DMZ and Internet would really help. I suspect you are thinking of something like a set of fw rule, nat rule and sd-wan rule for each of the gateways. But this would be outgoing.

However I step back from telling you anything: We did a migration of a 100+ firewall ruleset from 17.5 to 18 and this created a lot of NAT an SD-NAT rules which I do not completely understand on my own. Though this should be easier If you come from a clean installation.

These two links might help to understand the routing. There are other videos regarding NAT and Firewall.

https://www.youtube.com/watch?v=TolZsFNbBuM
https://docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releaseNotes/rn_SDWANPolicyRouting.html

(In 17.5 this was configured all in the firewall rules.)

Routing qestion

Top Replies