XG86 Firewall v19.0MR1 TLDR: When i enable SD-Wan for a certain zone to use differente Gateway all other rules on that zone is ignored I have 2 Zone and 2 Wan. First LAN zone use ISP1 and ISP2 as a backup For the Second Zone i need ISP2 default and ISP1…

I have 3 sites (A, B, and C). Site A: 172.16.16.0/24 Site B: 192.168.1.0/24 Site C: 10.23.1.0/24 Site A and B are both Sophos XG firewalls configured with a route based IPSec tunnel interface between each other Site C is remote and is outside our…

Hi, I'm experiencing a strange issue with the SDWAN routing engine. I have 2 Sophos XG connected via route-based ipsec (xfrm interfaces) and using SDWAN rules for the routing decision. The XG located at the branch office route traffic, using a SDWAN…

We have a separate VLAN set up and working for our Guest Wifi network. Clients (mostly cell phones) receive a DHCP IP in the correct range, are segregated from any other network communication, and can get to the internet fine. What we would now like to…

Hey all! I'm looking to schedule SD-WAN routes. For example, to send my traffic down one gateway during working hours but then move to another one for the evenings/weekend. It seems schedules are available elsewhere for rules, but not for SD-WAN. I guess…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Topology Head Office Central…

Hi, I am currently changing our IPSEC VPNs from Cisco ASA to Sophos XGS, but now I am experiencing a strange behaviour regarding the routing. Route-precedence is VPN-Static-SD-WAN. Currently the ASA is handling the IPSEC tunnels so I created 3 static…

Hi, community. I have an issue with my failover VPN to Azure. I have an XG210 v19, connected to 2 ISPs. I have a VPN connection to Azure cloud for SAP services. As recommended for Sophos, I created the VPN as tunnel interface, with xfrm interfaces.…

Currently, I'm using the SOPHOS XG firewall in my office There are two ISPs: a primary ISP ( SuperNet ) with a dedicated link of 40Mbps, and a secondary ISP ( Transworld Home Fiber ) with a 100 Mbps shared link, and I want to configure my voice server…

i have XG firewalls located in china and sometimes the latency of some links to sophos getting to slow so i dont get a resonse in time for example for live protetcionn right now im trying to setup a SD WAN for all sophos services, but that it work well…

Hello Community, We have this scenario where in we have a branch location and the location is connected using 2 P2P Links. At HO side we have Sophos XG330 and BO its a Sonicwall. The P2P links on XG330 are in DMZ zone, we have created custom gateway…

Dear All, i have configured two isp as below snapshot is it corect or we need to configured sdwan policy for redudancy please suggest.

Short question: What are default values for both option of "set routing sd-wan-policy-route" in the CLI? The docs could make this more clear, as they only mention, that I *can* turn both on: SD-WAN routing behavior - Sophos Firewall and set - Sophos…

I have android boxes for IPTV streaming. I can see it uses SSL Traffic over non-SSL ports, as those are the main application type that consumes a ton of data from the boxes. I have 2 WAN links, WAN1 and WAN2. WAN2 is set as BACKUP, and to activate if…

Hello Dear Partners! I configured an SD-WAN Scenario with Two VPN Tunnels and then created an SD-WAN Profiles. as the image below: I did the following Test I dropped the Main Link VPN_MTZ_1 and Sophos Quickly switched the Route to the Backup…

Hi , i have configured STAS in sophos firewall after i created multiple user based rule .if i need to used SDWAN for this user is it work or i its will work through wan link manger. i need redudancy in ISP.please help me .

I'm using a Sophos Central defined SD-Wan Connection Group and a series of rules to allow connection between sites. As best I can tell all the rules are working for all other workloads. The only place I'm aware that these rules are not working properly…

We are encountering an issue with our SD-Wan. The SD-WAN is created via a Sophos Central SD-Wan Connection group. For sake of this question we have 3 sites, (Site A = Head office where AD/DNS and RemoteApp server are at; Site B where affected user is…

Hi team, someone can say this would be silly question, but I require a clarity on the same. I am using Sophos XG136 with firmware updated to 19. I have two bandwidth from different ISP's, one is 20Mbps and second is 25 Mbps with the new feature…

Hi Community members i have to setup target country based routing. For that we have 2 "Internet lines" One standard line (local exit) and a special one to route the traffic for other countries region ! Now to my question: How do i configure the the…

Hello everyone, I am running Sophos XG (Home) v18.5 MR4 with dual-WAN in failover mode. I will soon be changing it to load-balancing globally. However, I would like to set the SDWAN policies for these 2 scenarios as exceptions to this change: Some…

Hi all, I have Sophos XG 18.5.4 with multiple WAN lines (different vendors for failover) and also multiple IP addresses per wan line. Outgoing SMTP traffic needs to fit MX config in internet so I defined SD WAN and NAT rules as described here https…

hi all, i know you do this via SD WAN and SNAT policies, like below make two SD WANS "source networks" LAN 2 subnet > "SD WAN profile" choose the other WAN 2 address in drop down "source networks" LAN 1,3,4,5,6 subnets > "SD WAN profile" choose…

Hello, how can I configure my wireless to use a different ISP rather than the one used for my LAN.

Our XG 19 has 2 ISP links. I created a NAT policy though the wizard which allows reaching a server on the LAN. this NAT policy is set to be available only on ISP1 - FiOS I also created an SD WAN policy for outbount connections to select ISP based…