Site to Site SSL VPN: How to choose/force a gateway for multi-WAN client?

Question

Hello, 
 
 I have the following SSL VPN (site-to-site) connections :

I've 2 WAN interfaces ( configured as Active/Active with a 50% balance - which is exactly what I want):

As a client firewall, I'd simply like to force the SSL VPN (site-to-site) connections to go through a specific WAN , and even if this WAN was down it should not go through the other one. 
 
 I'd be glad to get your help. 
 
 Thanks

FormerMember · Answer

Hi Ibrahim Al Sayed , Thank you for reaching out to Sophos Community. Setup Source NAT policy at client firewall end to route/force the SSL VPN (site-to-site) connection traffic from a specific WAN. Sophos XG Firewall: How to NAT Sophos Firewall generated traffic Here is the command for your reference. console> set advanced-firewall sys-traffic-nat add destination interface snatip console> set advanced-firewall sys-traffic-nat add destination 16.xx.xx.15 interface Port5 snatip 12.xx.xx.13 ==> To check NAT policy: console> show advanced-firewall Ibrahim Al Sayed said: even if this WAN was down it should not go through the other one. Additionally for this, you'll need to set up an SD-WAN policy(Under Routing) as shown below.

Site to Site SSL VPN: How to choose/force a gateway for multi-WAN client?

Top Replies