Hello guys,
Currently Im rewriting Ipsec Tunnels from Site-Site mode to Tunnel Interface + SDWAN + SDWAN profiles
I have the following scneario
All BO connect to HO and each one to BO
After rewrite it to Tunnel Mode and using SDWAN and…
Hi Everybody!
After reading the following link: Sophos Firewall: How to prioritize the traffic via SD-WAN for the applications
I can not redirect applications and services traffics to specific WAN link, even after changing route precedence to SD…
hi all,
i have a client, and i want it to go out a different IP, rather than my default gateway, ie my main WAN ip ive assigned to a port on the FW
so my ISP has given me mutiple public IPs, i have assigned my WAN port one of them ie main one and…
I would like to route my WhatsApp traffic through various gateways. I have established an SD-WAN rule, which currently works only with IP addresses. However, as the IP addresses keep changing over CDN, I prefer to use Fully Qualified Domain Names (FQDN…
Feature Request:
In the SD-WAN Route Section there is no option to filter by users.
There is an option to filter by source but not by user.
Overall the filtering for the Routes section needs to be better like the rules and policies section.
hi everyone.
i have created ipsec route base vpn but when everything done, the traffic is going through wrong tunnel interface.
the precedence route is static > sd wan route > vpn route.
ipsec status is up. and i have added route to the remote…
hi all,
how do i change the route precendence from
Static route, SD-WAN route, VPN route.
to
Static route, VPN route, SD-WAN.
so the SD-WAN is the last
when i change, the firewall doesnt require a reboot does it?
thanks,
rob
Hi All,
We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
Hi,
When creating and SD-WAN connection group in central, we get to configuring interfaces and have the option of choosing either "SD-WAN profile" or "Primary and Backup gateways".
What is the actual difference here? It's not explained anywhere…
I have created an SDWAN routing to route a particular internal network via ISP 2. The problem is even traffic destined to DMZ zone in the same firewall is being routed via this SDWAN policy towards ISP 2 interface.
How can internet from an internal…
Apologies if this has already been covered.
Sophos XG Firewall (Home Edition) SFVH (SFOS 19.5.1 MR-1-Build278) I have 5 public static IP addresses provided by my ISP. I have a single gateway address of xxx.xxx.xxx.9 I have a single WAN port which has…
My specific problem now is I can't get the MTA mode and alias IP addresses to work. Tried following the instructions in and https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122602/sophos-xg-how-to-setup-mta-mode-when-you-have-multiple…
Hi!
I have created an SD-WAN policy so that the devices of a VLAN go out to the Internet through a specific WAN line. It works.
However, the devices of said vlan can no longer access to a device of another vlan when before the sd-wan rule they could…
Hello Community,
We want to create a SD-WAN Route for WAN traffic and Internal Traffic to Data-Center.
Currently we have Branch location connected to Data-Center on IPSec Tunnel created with xfrm interface and BGP for failover. Now few of our key…
Hi all,
currently i am struggeling with the concept for a customer with more then 20 sites/branch offices.
Current setup is with RED-Devices, but the performance and stability is really bad, so we are thinking about using firewalls instead of red…
Hello,
i have issue with v19.5 , i have server in DMZ zone there's a connection between the server the other in other subnet and i made a rule for this, and working fine, and there's rule LAN TO WAN for this server , the problem is when i create SD…
I need to route a single host through a WAN that is not the default wan.
In the previous firmware version I just had to create a firewall rule and specify the gateway, but now...I'm lost.
I've followed this article Sophos Firewall v19: How to Choose…
Hi, We have 2 Wan Ports with load balancing.
We would like for specific websites to go through port WAN2 but all other traffic (other websites) to use the load balancing ratio we have set up.
Sophos XG 135 V19.
I'm having issues getting a static route or SD-WAN route to work on my XGS 116 (19.5 MR1 firmware). I am in the process of replacing aging SonicWall devices with Sophos and it's mostly going ok, except for this issue. The network layout is fairly simple…
Apologies for my poor understanding on routers and English language.
XG210 19.0.0 GA-Build317
We have 3 public IP address ranges from 3 ISPs assigned to 3 WAN ports.
Is it possible to reach our ISP-1's IP address range via ISP-2, ISP-3 WAN when…
While I have been configuring a Sophos Firewall, ran in a strange issue. I setup a SDWAN rule to load balance between 2 ISP links. As soon as the policy is saved, I lost access to the Firewall.
I am able to access Internet through the Firewall and the…
Dear Mate,
I've two links one is a static IP address another is a PPPoE connection, both links are ACTIVE connections, whenever a static IP link is down, the PPPoE connection is not working properly, it's very slow but that pppoe link is 400mbps line…
Hello dear community friends! Next, I created vpns tunnels using SD-WAN routes between the DataCenter and the Branch as shown in the image below. Both firewalls are version 19.5.0 GA-Build197
Note: They are currently disabled, as I returned to vpn for…
XG86 Firewall v19.0MR1 TLDR: When i enable SD-Wan for a certain zone to use differente Gateway all other rules on that zone is ignored I have 2 Zone and 2 Wan. First LAN zone use ISP1 and ISP2 as a backup For the Second Zone i need ISP2 default and ISP1…
I have 3 sites (A, B, and C).
Site A: 172.16.16.0/24 Site B: 192.168.1.0/24 Site C: 10.23.1.0/24
Site A and B are both Sophos XG firewalls configured with a route based IPSec tunnel interface between each other Site C is remote and is outside our…