I'm experiencing a strange issue with the SD-WAN routing engine. I have two Sophos XG firewalls connected via route-based IPsec (xfrm interfaces) and use SD-WAN rules for the routing decision.
The XG located at the branch office routes traffic, using an SD-WAN rule, from the subnet 192.168.112.0/24 to 192.168.111.0/24.
In the SD-WAN rule I'm using the "Route only through specified gateways" option.
As you can see, the incoming traffic is routed via the xfrm6 interface.
But sometimes the packets are not routed correctly. Instead of going out through the xfrm tunnel, they are routed to the PPPoE interface.
Disabling and re-enabling the SD-WAN rule fixes the issue, at least temporarily.
I'm not able to determine the root cause of the issue. Any ideas?
Could you show us your SD-WAN rule?
The rule targets the VoIP traffic (SIP and RTP) and WebRTC. I removed the labels because the naming convention wouldn't mean anything to you.
So basically you need the following:
If you see the problem, go to the advanced shell.
Run "conntrack -L | grep IP" (replace IP with the actual IP above).
Then check the output and look for your 5060 connection. You can also chain multiple | to make the search simpler.
Within the output there is something called pbdir0= and pbdir1=. This flag describes the SD-WAN route used. If it is 0, the SD-WAN route is not hitting. If it is a number other than 0, the SD-WAN route is hitting.
We need to know where to continue to look.
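The check described in the post above, scripted, as an added example that is not part of the original thread or of Sophos' tooling: a small POSIX shell function that reads `conntrack -L` output on stdin, keeps only the flows involving a given host on port 5060, and reports whether the pbdir0/pbdir1 fields are non-zero (SD-WAN route hit) or zero (not hit). The sample conntrack lines embedded below are constructed to resemble the appliance's output; the exact position and set of extra fields on a real XG may differ, which is why the function scans every field instead of relying on column positions.

```sh
#!/bin/sh
# Added example (not Sophos code): filter conntrack output for one host's SIP (5060)
# flows and report whether the SD-WAN route hit, based on the pbdir0/pbdir1 fields.
#
# The sample lines are CONSTRUCTED to look like Sophos XG "conntrack -L" output.
# Real output may place pbdir0/pbdir1 elsewhere or carry other fields; the awk
# program below does not depend on field positions, only on "name=value" tokens.
SAMPLE_CONNTRACK='udp      17 29 src=192.168.112.10 dst=192.168.111.20 sport=5060 dport=5060 src=192.168.111.20 dst=192.168.112.10 sport=5060 dport=5060 pbdir0=3 pbdir1=3 mark=0 use=1
udp      17 170 src=192.168.112.10 dst=192.168.111.20 sport=20004 dport=20002 src=192.168.111.20 dst=192.168.112.10 sport=20002 dport=20004 pbdir0=0 pbdir1=0 mark=0 use=1
udp      17 29 src=192.168.112.11 dst=192.168.111.20 sport=5060 dport=5060 src=192.168.111.20 dst=192.168.112.11 sport=5060 dport=5060 pbdir0=0 pbdir1=0 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.112.55 dst=192.168.111.9 sport=51234 dport=443 src=192.168.111.9 dst=192.168.112.55 sport=443 dport=51234 [ASSURED] pbdir0=0 pbdir1=0 mark=0 use=1'

# check_sdwan IP
#   Reads conntrack -L output on stdin. For every flow that involves IP on
#   port 5060 (either direction) prints one line:
#     IP -> first-dst pbdir0=N pbdir1=M HIT|MISS|UNKNOWN
#   HIT     : at least one of pbdir0/pbdir1 is non-zero (SD-WAN route used)
#   MISS    : both are 0 (SD-WAN route not hitting)
#   UNKNOWN : the fields are absent from the line
check_sdwan() {
    awk -v ip="$1" '
        index($0, "=" ip " ") && /(s|d)port=5060( |$)/ {
            p0 = ""; p1 = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^pbdir0=/) { split($i, a, "="); p0 = a[2] }
                if ($i ~ /^pbdir1=/) { split($i, a, "="); p1 = a[2] }
                # the first dst= token is the original-direction destination
                if (dst == "" && $i ~ /^dst=/) { split($i, a, "="); dst = a[2] }
            }
            if (p0 == "" || p1 == "")            verdict = "UNKNOWN"
            else if (p0 + 0 == 0 && p1 + 0 == 0) verdict = "MISS"
            else                                 verdict = "HIT"
            printf "%s -> %s pbdir0=%s pbdir1=%s %s\n", ip, dst, p0, p1, verdict
        }'
}

# Demo against the constructed sample. On the appliance you would instead run:
#   conntrack -L 2>/dev/null | check_sdwan 192.168.112.10
printf '%s\n' "$SAMPLE_CONNTRACK" | check_sdwan 192.168.112.10
printf '%s\n' "$SAMPLE_CONNTRACK" | check_sdwan 192.168.112.11
```

Run against the sample, the first call reports the 5060 flow of 192.168.112.10 as HIT (pbdir0=3 pbdir1=3) and ignores its RTP flow on 20004, the second reports the 192.168.112.11 flow as MISS, and a host with no 5060 entry prints nothing. Note that `conntrack -L` prints its "N flow entries have been shown" summary on stderr, which is why it is redirected in the usage line.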
The next time the issue occurs I'll check the connection tracking using the conntrack command.
I used the connection list in the Sophos XG GUI and, filtering by the device IP, the connection list was empty.