We have 2 firewalls at the main office in an active-passive HA pair.
We just purchased another smaller XGS 107 to be used at a remote branch as a start to our SD-WAN project (we are going to be purchasing more firewalls to add later, but want to use this as a template).
Firewalls are managed in Sophos Central.
I am confused by Sophos Central Orchestration and the best way to get started in getting this SD-WAN set up. I read this article -
community.sophos.com/.../sophos-firewall-managing-firewall-and-sd-wan-orchestration
My questions are as follows,
1) is this the right place to start if I want a fully redundant SD-WAN? Am I barking up the wrong tree? There will be 12 firewalls in total once the project is done and managing them all centrally is ideal
2) Do all the firewalls need the same configuration (rules, routes, etc)? How do I make sure the main office firewalls are the 'master' and don't get overwritten by anything in Sophos central? It was actually unsettling adding these to a group because it immediately started writing config. I chose the main firewalls as a template to the xgs 107 and it even copied over the WAN IP of the main firewalls, why??? They would clearly have a different WAN IP at the new branch.
3) Do you have any documents (in order) on where to start with SD-WAN? The documentation is out there but very fragmented. I don't know how the pieces all fit together.
Thank you
Edited TAGs
[edited by: emmosophos at 10:22 PM (GMT -7) on 8 May 2024]
