This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SD-WAN routing with 2 P2P Links

Hello Community,

We have this scenario where in we have a branch location and the location is connected using 2 P2P Links. At HO side we have Sophos XG330 and BO its a Sonicwall.

The P2P links on XG330 are in DMZ zone, we have created custom gateway and have configured a SD-WAN Route. - refer screenshot. the Route precedence is set to

console> system route_precedence sh
Routing Precedence:
1. SD-WAN policy routes
2. VPN routes
3. Static routes

Issue is we are not able to ping / reach the Branch Local LAN with this. The moment we add a Static route, we are able to reach.

This thread was automatically locked due to age.

0 Vivek Jagad over 1 year ago

Hello Ajay Sharma1 ,

Thank you for reaching out to the community, is the health check on your custom gateway on ? What is the status on your custom gateway could you share a screenshot ?
On the CLI, select option 4. Device Console || Can you share the output for given command below !
>system diagnostic utilities route lookup <destination IP>

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Ajay Sharma1 over 1 year ago in reply to Vivek Jagad

Hello Vivek,

Health check is on. Currently out of 2 1 Link is up

Output of system diagnostic utilities route lookup

console> system diagnostics utilities route lookup 10.3.0.1
10.3.0.1 is located on the Port3
10.3.0.1 is reached through the router 103.xx.xxx.x1
console>

the Router IP is WAN Port of ILL on Port3
Cancel
Vote Up 0 Vote Down

Cancel
0 MayurMakvana over 1 year ago

Hello Ajay,

Kindly share the details of the firewall rules created.

Later, initiate the ping from the LAN to MPLS network and collect the tcpdump on destination IP and observe whether it is being sent out via the specified port or not.

You may also try linking the NAT on the firewall rule created and if still does not help. Raise the ticket with the support to investigate it further and DM me the case ID.

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Ajay Sharma1 over 1 year ago in reply to MayurMakvana

Hello Mayank,

Both the P2P Links are in DMZ Zone. We have created the Rule for LAN to DMZ and DMZ to LAN. Also, we are able to ping the BO End Interface IP (172.16.16.6).

Interface Zone:

Rules:

I'll try linking NAT rule for the same. And revert you with the tcpdump too.
Cancel
Vote Up 0 Vote Down

Cancel