
XGS 3300 wrong Gateway

Hi, I've got the following case:

HA XGS3300

Three WAN connections

P2 ISP 1

P4 ISP 1

P6 ISP 2

P2 and P4 are BGP.

P6 is stand alone.

All internet connections are working.

When configuring SNAT and/or SD-WAN, all traffic for WAN is over port 4, none is going to port 6.

Checking the logs it selects the correct FW and NAT policy, then the requested GW is correct but port OUT is P4.

We have the same setup with another customer and reviewed everything; with the other customer it is working fine, always the correct NAT policy and correct gateway.

Only difference we can find is this:

Advanced CLI:

route -n

 

There is a default route 0.0.0.0 to port4; we don't have them anywhere on any of our other customers' FWs.

It's not in the GUI anywhere and not on the normal console.

Don't know where this default route is coming from or how to get rid of it.

Kind regards,



Added V20.0 MR1
[edited by: Erick Jan at 4:47 AM (GMT -8) on 12 Nov 2024]
  • Hi,

    Sophos Support wants me to change the Route preference to SD-WAN - STATIC, and then it should work. But I know I'm getting into trouble that way with the any-any rules so I will change them to InternetV4 address groups and then schedule some off time to implement this.

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • As said: 

    You have two different routing tables. The RFC World aka static routing. Static routing includes BGP.
    If the static route gets a 0.0.0.0 route, it will be used for everything. You can only "overwrite" it by using static routing with a lower metric, but then your BGP will never be used.
    Static routing does not have any kind of "load balancing" between different interfaces. It is very - Static.

    SD-WAN gives you more freedom. But you should have internet-v4 destination routes, otherwise it will be used for "everything" - as you defined ANY. 
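
A simplified model of the route-precedence behaviour described in the replies above, added here as an illustration; it is not code from the thread or from Sophos. The addresses, the LAN prefix, the metrics and the definition of the Internet IPv4 group as "everything outside RFC 1918" are assumptions; only the port names P4/P6 and the 0.0.0.0 route on P4 come from the thread.

```python
import ipaddress

# Constructed tables. Only the port names P4/P6 and the 0.0.0.0 route on P4
# come from the thread; the LAN prefix and metrics are assumptions.
STATIC_TABLE = [                      # static + BGP + connected routes
    ("0.0.0.0/0", "P4", 20),          # the default route seen in `route -n`
    ("192.168.10.0/24", "LAN", 0),    # assumed internal network
]
# Assumption: the Internet IPv4 group is modelled as "not RFC 1918".
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def static_lookup(dst):
    """Longest-prefix match, lower metric wins ties; None if nothing matches."""
    hits = [(ipaddress.ip_network(p), port, metric)
            for p, port, metric in STATIC_TABLE
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: (h[0].prefixlen, -h[2]))[1]

def sdwan_lookup(dst, destination):
    """A single SD-WAN rule that sends matching traffic out of P6."""
    if destination == "ANY":
        return "P6"
    if destination == "INTERNET_V4":
        return None if any(dst in net for net in PRIVATE) else "P6"
    raise ValueError(f"unknown destination object: {destination}")

def egress(dst, precedence, sdwan_destination):
    """Walk the tables in precedence order; the first table with a match wins."""
    dst = ipaddress.ip_address(dst)
    for table in precedence:
        port = (static_lookup(dst) if table == "static"
                else sdwan_lookup(dst, sdwan_destination))
        if port is not None:
            return port
    return None

if __name__ == "__main__":
    for order in (("static", "sdwan"), ("sdwan", "static")):
        for dest in ("ANY", "INTERNET_V4"):
            for ip in ("203.0.113.10", "192.168.10.5"):
                print(order, dest, ip, "->", egress(ip, order, dest))
```

With static first, the default route on P4 answers every lookup before the SD-WAN rule is consulted; with SD-WAN first and destination ANY, internal traffic is also pushed out of P6, which is the any-any problem mentioned in the first reply.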
