Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where to start with SD-WAN configuration

We have 2 firewalls at the main office in an active-passive HA pair.

We just purchased another smaller XGS 107 to be used at a remote branch as a start to our SD-WAN project (we are going to be purchasing more firewalls to add later, but want to use this as a template).

Firewalls are managed in Sophos Central.

I am confused by Sophos Central Orchestration and the best way to get started in getting this SD-WAN set up. I read this article -

community.sophos.com/.../sophos-firewall-managing-firewall-and-sd-wan-orchestration

My questions are as follows,

1) is this the right place to start if I want a fully redundant SD-WAN? Am I barking up the wrong tree? There will be 12 firewalls in total once the project is done and managing them all centrally is ideal

2) Do all the firewalls need the same configuration (rules, routes, etc)? How do I make sure the main office firewalls are the 'master' and don't get overwritten by anything in Sophos central? It was actually unsettling adding these to a group because it immediately started writing config. I chose the main firewalls as a template to the xgs 107 and it even copied over the WAN IP of the main firewalls, why??? They would clearly have a different WAN IP at the new branch.

3) Do you have any documents (in order) on where to start with SD-WAN? The documentation is out there but very fragmented. I don't know how the pieces all fit together.

Thank you



This thread was automatically locked due to age.
Parents Reply Children