

SDWAN Routing not working with/after Static Routes

I have got 2 Sophos FW Home firewalls (Home, and In-laws) running V20.0.0 with a red-link working between them.

This link has historically been Static Routes at each end and has worked perfectly, but we want to separate some traffic, so I have tried to move over to SDWAN Routing.

Whenever I created the SD-WAN routes according to workflows, the routers have all failed to send any traffic across (I thought I was missing something).

In my numerous attempts to get this working, I managed to create an SD-WAN rule that bricked all communications in and out of one of the two routers, and the only (and quickest) solution was to do a factory reset.

I decided as part of reconfiguration to only do the SD-WAN routing and not touch static routes, and magically they are working on that router.

If I replicate the config on the other router (not been reset (yet)) then it just breaks all traffic, even after a reboot.

I have already set routing order preference to SD_WAN, Static, VPN so the SD_WAN should take priority, but it just doesn't seem to do anything.

Am I missing something? 

Thanks

Ian 



  • Frustratingly tried all permutations of Any, or actual network on source and different options for destination with no success.

    Gave up and just reset the box to factory settings, and reconfigured the SD-WAN in exactly the same way without ever touching the Static routes, and hey presto it just worked.

    Then continued to configure the box back to how it was configured before, and the problem came back. But this time as I was doing a step by step configuration I could see what causes it.

    Turning on the Spoof Protection General Settings does break it, but turn it all off and magically it all comes back!

    So I am going to say, it is potentially a bug that Spoof Protection interacts with SD-WAN, or at least a documentation shortfall stating that Spoof Protection and SD-WAN do not play nice together.