So I'm in an interesting situation where I cannot seem to do something as simple as I could in cisco land. The first major issue i've run into in a while with utm.
Problem: I need a VPN tunnel of some sort as a failover of a privately managed VPN (MPLS) to cover provide outages. This is routed to by a static route on each gateway (BGP in the future).
Option1/Issue1: Create a site2site IPSEC tunnel. This would not work as you cannot set the ipsec-tunnel metric in Sophos UTM. So the tunnel will always have a lower metric that the static route to the MPLS router.
Option2/Issue2: Create a site2site Red Tunnel. I had high hopes for this but apparently (for whatever stupid reason) you cannot create a static route for the same destination network (even with a different metric) in Sophos UTM.
Does anyone have any ideas? At the moment I may be stuck going the IPSec-tunnel route and just turning the main offices profile off unless there is an outage. But i would rather have an option that was live and could be monitored side by side.
EDIT: Saw this https://community.sophos.com/kb/en-us/120239 but this won't help as the gateways, in theory, would be pingable even if the provider's network was down as the first hoop (the gateway) it is local. An even if we had a user unplug one end, there is no chance we could do it at our main office.
Seems very silly that Sophos does not allow us to configure multiple static routes or backup routes. I can understand not setting weight for site2site tunnels but routes, honestly what damage could really be done, and if there were people putting is silly configs then maybe they should not be fiddling with them in the first place. They are likely to do the same damage with 1 route vs multi anyways.
This thread was automatically locked due to age.