
Redundant Internet out LAN Zone


Two different sites running XG units. Each site has its own dedicated internet connection. The two sites are connected to each other via private fiber into Eth4 (LAN Zone) on the respective XG which provides access to resources at each location.

The client has requested a solution that would leverage the internet connection at site B should the internet connection at site A drop. Normally this would be done with redundant connections into WAN1 and WAN2, but the backup connection will route out the fiber on Eth4 which is configured as a LAN Zone. Looking through all the guides, all I see is reference to Dual WAN and VPN backup but nothing regarding dynamically changing your 0/0 default route to go out the LAN side.

I looked at policy routing and I believe that will black-hole traffic that normally traverses this private fiber between the two sites.

This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    You need to follow the below steps to leverage/route internet traffic to SiteB if the dedicated internet connection of SiteA drops.

    Configure a custom gateway for the fiber connection (LAN) and an SD-WAN policy at SiteA.

    ==> Navigate to CONFIGURE > Routing > Gateways

    ==> Navigate to CONFIGURE > Routing > SD-WAN policy route and set up the policy as below.

    A similar configuration needs to be done at SiteB (configure the interface and gateway IP accordingly).

    Hope this helps.

  • Interesting.  What keeps this rule then from sending all traffic directly out to the internet gateway (primary or backup) with the Source Network being the local network and the destination being 'any'?