Hi, I'm new to Sophos V19. I have 2 wan links from different ISPs. I don't want to do any load balancing. All I want to do is to access some websites using wan1 link, and some other websites with wan2. I was able to do this in previous versions…

Hey guys. I wanted to understand how to better treat the SLA and the health check. My doubts: 1 - When I select custom SLA, the percentage specified in "maximum lost packet" is based on the "Example size for SLA" right? 2 - If I have packet loss…

Hi Guys, One of our customers has 3 ISP links and he needs to configure one ISP for the Active and the other two as a Backup line, When active links go down, we have to use both backup links to share the traffic. Is there any workaround for that scenario…

Hey guys, hope all is going well. I'd like some guidance on how to enable SD-WAN Zero-impact failover. My setup is pretty basic, with an XGS 2100 and two WAN connections. I have them configured in a fail-over approach (not load balancing), using an…

Hi All I am hoping someone with multi wan experience can help us. I believe its down to routing. So we have 3 WAN's in operation, see our diagram attached, the copy monitors all sorts of different types of alarms and also has a phone app you can use…

I have a, what feels like to me anyway, a unique way of accessing my remote firewalls. I use the CAA client when I am at my office to authenticate myself to the firewall. This in turn allows me to access my remote firewalls via the SDWAN that is configured…

Hi, I have a dedicated WAN LINK in a router that does not support bridge mode. I want to do an SD-WAN connection group and for that I have to tell my ISP what ports I need them to port forward Does anyone know the exacly ports that Sophos Firewall…

1) If one link is being fluctuated and getting time out then how to shift all over traffic on other link. 2) how to identify both link utilization report with SVI Configuration. 3) How to identify that which Link is best path when NAT is not configured…

Hello I am new to sophos, we are carrying out a POC with your firewalls and we are having a problem, the routes choose the xfrm1 interface but with the xfrm2 ip. From what I've read it seems like a BUG NC-114075 NC-113973 XFRM1 IP: 10.1.X.2 XFRM2…

Hi! We have 2 gateways, GW1 & GW2. GW1 is the primary gateway and GW2 is the backup/failover gateway. I'm needing to route all internet-bound traffic from a specific IP address (computer) on our LAN to GW2. I also need the capability of easily turning…

SDWAN/IPSEC Tunnel Issue Setup Site A Sophos XGS 107 2 X WAN connections 2 X Route Based IPSEC Tunnels to Site B Site B Sophos XGS 87 1 X WAN connection 2 X Route based IPSEC Tunnels to Site A Issue Site B can ping and connect…

Hey guys. I have a problem that I can't figure out how to solve it. I have route-based IPsec VPN (xfrm) and when I use SD-WAN profiles for routing the non-TCP packets such as UDP from RDP or SIP are dropped. If I use the static route instead of SD…

Hello, in our head office we have a XGS2100 Cluster running on firmware version: SFOS 19.5.2 MR-2-Build624 We have some branch offices connected via IPSEC tunnel interfaces to the head office. For this we have some SDWAN Routes. Is there a way…

I have a VLAN setup for our IP phones, the phones are able to get an IP but for whatever reason their traffic is not being routed correctly. I have one phone routing fine, but the other is not routing through the correct port. 10.10.52.0/24 is the network…

Good evening! I have Remote SSL VPN setup, and I can connect to it no problem. The network address for these clients are 192.168.3.0/24. Below are my three policies for allowing traffic from the VPN zone to the WAN, LAN, and DMZ zones. Here are…

Good morning, On a XGS126 - SFOS 19.5.2 MR-2-Build624 I am looking to create an SD-WAN policy on two intersite IPSECVPN links The links are configured in "site-to-site" mode I tried to configure a failover group, but I was not convinced by the failover…

Hello guys, Currently Im rewriting Ipsec Tunnels from Site-Site mode to Tunnel Interface + SDWAN + SDWAN profiles I have the following scneario All BO connect to HO and each one to BO After rewrite it to Tunnel Mode and using SDWAN and…

Hi Everybody! After reading the following link: Sophos Firewall: How to prioritize the traffic via SD-WAN for the applications I can not redirect applications and services traffics to specific WAN link, even after changing route precedence to SD…

hi all, i have a client, and i want it to go out a different IP, rather than my default gateway, ie my main WAN ip ive assigned to a port on the FW so my ISP has given me mutiple public IPs, i have assigned my WAN port one of them ie main one and…

I would like to route my WhatsApp traffic through various gateways. I have established an SD-WAN rule, which currently works only with IP addresses. However, as the IP addresses keep changing over CDN, I prefer to use Fully Qualified Domain Names (FQDN…

hi all, how do i change the route precendence from Static route, SD-WAN route, VPN route. to Static route, VPN route, SD-WAN. so the SD-WAN is the last when i change, the firewall doesnt require a reboot does it? thanks, rob

Hi, When creating and SD-WAN connection group in central, we get to configuring interfaces and have the option of choosing either "SD-WAN profile" or "Primary and Backup gateways". What is the actual difference here? It's not explained anywhere…

I have created an SDWAN routing to route a particular internal network via ISP 2. The problem is even traffic destined to DMZ zone in the same firewall is being routed via this SDWAN policy towards ISP 2 interface. How can internet from an internal…

Hi! I have created an SD-WAN policy so that the devices of a VLAN go out to the Internet through a specific WAN line. It works. However, the devices of said vlan can no longer access to a device of another vlan when before the sd-wan rule they could…

Hello Community, We want to create a SD-WAN Route for WAN traffic and Internal Traffic to Data-Center. Currently we have Branch location connected to Data-Center on IPSec Tunnel created with xfrm interface and BGP for failover. Now few of our key…