Dear Sophos Community,
The following situation:
Head office (HO): 2 ISPs (HO-WAN1, HO-WAN2) with different bandwidths each, XG cluster running the latest SFOS 18.5
Branch offices (BO1-BOn): 2 ISPs each (BO1-WAN1, BO1-WAN2, BO2-WAN1, etc.) with different bandwidths each, XG cluster running the latest SFOS 18.5
Goal: Connections from every BO to the HO, due to servers residing there, as well as interconnection between the respective BOs, due to VoIP connections. Since every office has 2 ISPs, we would want to have redundant VPN connections with some sort of load balancing.
Realisation: RBVPN tunnels from HO-WAN1 to BO1-WAN1, BO2-WAN1, ..., BOn-WAN1, as well as HO-WAN2 to BO1-WAN2, ..., BOn-WAN2, as well as connections between each and every BOx-WAN1 to BOy-WAN1 and BOx-WAN2 to BOy-WAN2.
At first we tried resolving the routing by adding a huge number of static routing entries (HO has around 20 REDs attached); this way only one ISP was used, due to routing metrics.
Adding a new RED network to the HO turned into a lot of work, since the new network segment had to be published on every BO manually, so we turned to dynamic routing (OSPF).
Configuring OSPF as presented in "Sophos XG Firewall: How to configure OSPF over RBVPN - Recommended Reads - Sophos Firewall - Sophos Community" (Scenario: OSPF over RBVPN with ECMP) turned out to work very well, automatically failing over to the other ISP, and it even seems to load-balance some of the traffic. However, as we have different bandwidths with each ISP, we would like to weight the different routes individually. Say XX-WAN1 has double the bandwidth of XX-WAN2: how would we set a weighting of 2:1 in OSPF? (At this point I am open to other routing protocols, as long as it gets the trick done.)
Added TAGs
[edited by: Erick Jan at 8:28 AM (GMT -7) on 7 Jun 2023]