
2 WANs, want to keep them separate.

Hoping to get some help on the following scenario.

We have had a single WAN connection servicing all our internet traffic for all services for years and have now added a second WAN.

Our primary goal is to have these two WANs completely separate but allow me to route certain traffic over whatever WAN port I want. I have seen that SD-WAN policies can help with that and so I was looking at this.

Now this may sound stupid and maybe I've been working too hard, but as my first test I was going to re-route WiFi traffic over to the new WAN. I made all the WiFi details and then made a new zone along with a new DHCP range and such, and then a firewall rule to send it out over the new WAN port. However, once I plugged in the new WAN and it became active, random traffic started going over that WAN from other rules.

My main question would be, how do I prevent any traffic from going over the second WAN I have added? I want to make sure that as soon as I plug in the new WAN connection, zero traffic can flow until I explicitly make rules for it. I am trying to treat this as a very strict connection that only allows explicitly what I say is allowed. I am hoping I would not have to re-create any firewall rules, or is that the route I will have to go?

I appreciate any help!



  • Hello Brad,

    Thank you for contacting the Sophos Community.

    Make sure you have selected the correct Wifi interface under "Incoming Interface" when creating the SD-WAN Rule.

    Additionally, create a specific NAT rule for the wireless network using the Port4 interface as the outbound interface. Make sure you put this NAT rule on TOP so that only traffic coming from that network uses your second WAN interface (note: I am assuming Port2 is your original WAN and your additional new WAN interface is connected to Port4).

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • I'm sorry but this answer does not address the question I asked.

    My main question would be, how do I prevent any traffic from going over the second WAN I have added? I want to make sure that as soon as I plug in the new WAN connection, zero traffic can flow until I explicitly make rules for it. I am trying to treat this as a very strict connection that only allows explicitly what I say is allowed. I am hoping I would not have to re-create any firewall rules, or is that the route I will have to go?

  • FormerMember in reply to Brad Clement

    Hi,

    As soon as you add the new WAN interface, go to Network > WAN Link Manager and change the gateway type to backup to prevent traffic from being routed to the newly added gateway.

    Also, ensure that the SNAT rules are configured with specific outbound interfaces and not "Any."

    Check out the following document for more information: 

    The document includes default behavior about newly added gateways, and I think it'll help you understand your requirements.

    Thanks,

  • Thank you, this is exactly what I was looking for! I appreciate your help here.