snat multiple gateways

Question

SNAT with multiple WAN gateways isn't working.. 
 
 WAN Gateway 1 = Port3 - its public with /27 worth of aliases 
 WAN Gateway 2 = Port5 - its public with /28 worth of aliases 
 
 (IP Host) SNAT with Port3 aliases work for all of the rules I've created. 
 (IP Host) SNAT rules for Port5 don't work at all. They use the main Port3 address no matter what I do. 
 
 Anyone know how to fix this? I'm not doing any thing exotic. Not using SD-Wan or failover...Just simple rules for in and simple rules for out.

midnightSun · Accepted Answer

Sophos support call recap. 
 Support verified SNAT was working for #Port3 aliases but wasn't working for #Port5 aliases. 
 All #Port5 traffic was trying to exit #Port3 using the Default SNAT rule instead of the SNAT rule it should have used. 
 The work around was to create SD-WAN routes for #Port5 "ONLY" . Once this was done the original #Port5 SNAT rules work as expected. 
 
 After hanging up the crazy thing "to me" is #Port3 SD-WAN routes don't work. The system sees my #Port3 as the primary WAN and requires SNAT rules as normal only for #Port3. As a software dev, IMOP if the end user isn't using SD-WAN routes it should be off. Remove the layer at minimum. If SD-WAN routes are enabled then enable the layer.. Not intuitive at all. I assume since "Load-Balancing" is on by default with multiple WANs this is what's breaking SNAT. 
 
 Example of a SD-WAN rule to trigger .

. In closing SFOS support was going to send me to the "configuration team" . I'm glad I talked them into figuring out why SNAT wasn't working as all the docs said it should have. Hope I never need to contact support again but its good to know if I do it will get solved. Thanks !

Mayur Makvana · Answer

Hello, 
 You need to review the settings of " Override source translation (SNAT) for specific outbound interfaces" in snapshot shared. You might wants to open support ticket to understand or differentiate it. Do share us the ticket number for tracking purpose.

snat multiple gateways

Top Replies