We have this scenario wherein we have a branch location and the location is connected using 2 P2P links. At the HO side we have a Sophos XG330 and at the BO it's a SonicWall.
The P2P links on the XG330 are in the DMZ zone; we have created a custom gateway and have configured an SD-WAN route (refer to the screenshot). The route precedence is set to:
console> system route_precedence sh
Routing Precedence:
1. SD-WAN policy routes
2. VPN routes
3. Static routes
The issue is that we are not able to ping / reach the branch local LAN with this. The moment we add a static route, we are able to reach it.
Hello Ajay Sharma1,
Thank you for reaching out to the community. Is the health check on your custom gateway on? What is the status of your custom gateway? Could you share a screenshot?
On the CLI, select option 4. Device Console. Can you share the output for the command below?
system diagnostic utilities route lookup <destination IP>
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Health check is on. Currently, out of 2 links, 1 link is up.
Output of system diagnostic utilities route lookup:
console> system diagnostics utilities route lookup 10.3.0.1
10.3.0.1 is located on the Port3
10.3.0.1 is reached through the router 103.xx.xxx.x1
console>
The router IP is the WAN port of the ILL on Port3.
Kindly share the details of the firewall rules created.
Later, initiate the ping from the LAN to MPLS network and collect the tcpdump on destination IP and observe whether it is being sent out via the specified port or not.
You may also try linking the NAT on the firewall rule created, and if it still does not help, raise a ticket with support to investigate it further and DM me the case ID.
Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Both the P2P links are in the DMZ zone. We have created the rules for LAN to DMZ and DMZ to LAN. Also, we are able to ping the BO end interface IP (172.16.16.6).
I'll try linking a NAT rule for the same, and revert to you with the tcpdump too.