XGS 3300 wrong Gateway

Can you ping me the support access ID of this firewall? 

Hi LuCar Toni ,

We found the problem it's in the PGB config, we have filter rules in place, mandatory from the provider, that causing this problem.

We are in the proces of finding out what to do with the provider.

But you're welcome to have a look.

I'll PM you the SA ID and the case ID.

But you find the origin of the Default Route? 

Yes it's in the BGP route tabel:

Current configuration:

!

frr version 8.4.2

frr defaults traditional

!

hostname bgp

log stdout

!

!

!

router bgp 4200030937

bgp router-id x.x.x.x

bgp log-neighbor-changes

no bgp ebgp-requires-policy

no bgp hard-administrative-reset

no bgp graceful-restart notification

neighbor x.x.x.x remote-as 4200030921

neighbor x.x.x.x remote-as 4200030923

!

address-family ipv4 unicast

  network x.x.x.x/29

  neighbor y.y.y.y prefix-list aoa-import in

  neighbor y.y.y.y prefix-list aoa-export out

  neighbor z.z.z.z prefix-list aoa-import in

  neighbor z.z.z.z prefix-list aoa-export out

exit-address-family

!

exit

!

ip prefix-list aoa-import seq 10 permit 0.0.0.0/0

ip prefix-list aoa-import seq 20 deny 0.0.0.0/0 le 32

ip prefix-list aoa-export seq 10 permit x.x.x.x/29

ip prefix-list aoa-export seq 20 deny 0.0.0.0/0 le 32

!

!

!

line vty

no login

exit

!

If i remove the filter list the BGP breaks down. Not sure wat to do. 

Hi LuCar Toni ,

Is there anything you can recommend?

So basically, BGP is a static route in principle of routing stack.  Sophos Firewall: Routing in Sophos Firewall with SD-WAN PBR If you generate a SD-WAN Route, it will not hit, as your routing precedance is: static - sd-wan. 
That means, the default route from BGP will be always applied. 

You can change it to SD-wan - static, but then the SD-WAN to WAN route will always hit.  

You should be very careful about the usage of SD-WAN Routes with Destination Network ANY.

ANY means, it will be applied to ANY packet. You can also influence internal network traffic. I would rather recommend to move from ANY to Internetv4. 

So basically, BGP is a static route in principle of routing stack.  Sophos Firewall: Routing in Sophos Firewall with SD-WAN PBR If you generate a SD-WAN Route, it will not hit, as your routing precedance is: static - sd-wan. 
That means, the default route from BGP will be always applied. 

You can change it to SD-wan - static, but then the SD-WAN to WAN route will always hit.  

You should be very careful about the usage of SD-WAN Routes with Destination Network ANY.

ANY means, it will be applied to ANY packet. You can also influence internal network traffic. I would rather recommend to move from ANY to Internetv4.