
How to use two gateways on the one router XG 310?

Hello,

We have two routers configured in High Availability mode. On these devices we have one LAN, one WAN and one DMZ port cabled to the ISP router via a small switch. Not so long ago we received a new pool of IP addresses from the ISP that we would like to use on another WAN interface, and redirect network traffic from the LAN through two gateways. We want to send one range of IP addresses through the old gateway, and redirect the other range from the same LAN subnet through the new gateway.

Please look at the diagram of our network in the attachment and tell us how to properly configure Sophos XG so as not to damage anything in the existing system. I will be doing this switching on a living organism, so I want to be sure that I will not lose access to the router and the routing will work correctly.

The diagram shows the server with virtual machines (blue computer), which I intend to run through another gateway (WAN2), and leave the remaining network with remote VPN tunnels on the old gateway (WAN1) -> photo in the attachment. nextcloud.wodr.poznan.pl:8443/.../AcR3pwWzaXgWQyc

Incoming traffic should be controlled by the existing rules in Firewall and NAT. Am I imagining everything correctly? Will this work as I planned?

1. First, I created a new interface
2. Secondly, I separated the local and remote IP addresses into groups
3. I also plan to create the following rules in SD-WAN Routes to send network traffic through various gateways

  • I've already done it. The only thing I noticed is that after enabling the rule in SD-WAN, the firewall rule ID for the described packets changes from 22 to 14. The NAT rule ID is still #40. But I still don't understand why this happens and what should be changed in the configuration.

    Even if you change the firewall rule so that the appropriate rule applies to these packets, the API still does not work. Disappointed.

    And one more thing. When I enable the rule in SD-WAN, the devout value in the packet headers changes to Port2 (WAN1), while without SD-WAN enabled we have devout=Port1 (LAN). I already tried changing SNAT to 192.168.2.2 (which changed the dst-reply value in the packet headers) and the Outbound Interface to Port1 in NAT rule #40, but it didn't work. The counter generally does not change and the packets do not travel.
