Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 1648 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SD-WAN on two IPSECVPN

Matthieu CROPSAL

Good morning,

On a XGS126 - SFOS 19.5.2 MR-2-Build624

I am looking to create an SD-WAN policy on two intersite IPSECVPN links
The links are configured in "site-to-site" mode
I tried to configure a failover group, but I was not convinced by the failover performance (the group was regularly failing)

I noticed that by configuring the IPSECVPN links in "tunnel" rather than "site-to-site", a virtual interface "xfrm1 vpn tunnel" was added in "Network / interfaces" but I did not the option to select it while creating SD-WAN groups.

Do you have an easier procedure to create an SD-WAN group on two VPN links please?

Thanks you



This thread was automatically locked due to age.
Parents
  • 0

    Search for "Sophos Firewall - Tipps & Tricks - SD-WAN Failover und Failback" on Youtube. There's an helpful video from sophos showing configuration. That might help?

  • 0 in reply to FFin

    Thanks for the link

    I configured a VPN link with the information found in the video.

    I have the xfrm interface that is created (without IP on the other hand... I added "10.0.190.1", is there a standard for these interfaces?)



    I want to create a gateway with this interface, but i have a error message



    I don't understand what this IP is for.

    + I have a second question, how to lock the gateway for "internet" on my physical interface and not on the xfrm interface which is created please?


    Thanks

Reply
  • 0 in reply to FFin

    Thanks for the link

    I configured a VPN link with the information found in the video.

    I have the xfrm interface that is created (without IP on the other hand... I added "10.0.190.1", is there a standard for these interfaces?)



    I want to create a gateway with this interface, but i have a error message



    I don't understand what this IP is for.

    + I have a second question, how to lock the gateway for "internet" on my physical interface and not on the xfrm interface which is created please?


    Thanks

Children
No Data
Unfiltered HTML