Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 1286 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing (SMTP) Traffic uses undefined WAN Line

GernotMeyer

Hi all,

I have Sophos XG 18.5.4 with multiple WAN lines (different vendors for failover) and also multiple IP addresses per wan line.

Outgoing SMTP traffic needs to fit MX config in internet so I defined SD WAN and NAT rules as described here

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-xg-how-to-setup-mta-mode-when-you-have-multiple-wan-ports-or-alias-ip-addresses

to reduce outgoing SMTP traffic to 2 of our 3 WAN lines (SD WAN) and also NAT rule to reduce to one IP per line (fitting MX config).

Now I get rejected mails because our third line was used!

SD WAN rule:

NAT rule

XG is in MTA mode.

I also changed Route Precedence to Static - VPN - SD-WAN.

What's the mistake?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to dirkkotte

    Hi,

    sorry for late answer:

    Here result of ssh commands:

    console> show routing sd-wan-policy-route system-generate-traffic
    SD-WAN policy route is turned on for system-generated traffic.

    console> system route_precedence show
    Routing Precedence:
    1. Static routes
    2. VPN routes
    3. SD-WAN policy routes

Children
  • 0 in reply to GernotMeyer

    If a static route matches, the traffic use this way..

    Would try to move the SD-WAN policy routes to top.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Unfiltered HTML