Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MPLS & IPSEC Failover with SD-WAN

Hello All,

Need help with Failover - I've a XG106 with MPLS Terminated on it and ILL. IPSec Tunnel is formed between HO and this XG106.

I want to achieve Failover of Connectivity to HO on IPSec Tunnel in event of MPLS down, using SD-WAN. Tried seaching in the forum but couldn't find the solution.

Any lead on this is welcome, Thanks



This thread was automatically locked due to age.
Parents
  • Hi : In order to achieve failover using SD-WAN you may require IPSec site to site tunnel with RBVPN type as that will give you xfrm interface to choose from in the SD-WAN routing rule.

    Regarding MPLS terminated on XG, If it is terminated as in WAN you will get the same in the SD-WAN rule to choose in the routing option. If it is terminated as in a non-WAN zone then you may add a custom gateway under Network > Routing > Gateway > Add with the required "Health check" probe to detect the down condition. 

    Now in SD-WAN rule primary gateway would be MPLS on both the end secondary would be xfrm one on which RBVPN is up and running. So if the primary will be down based on a defined health check then traffic will be shifted to the next one which is RBVPN (over IPsec).

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hello Vishal,

    Thanks for your response, I've configured the MPLS as DMZ, I'll switch it to WAN and do as you have suggested and will update here soon.

Reply Children
No Data