
Remote monitoring of MPLS fails in both directions

I used the instructions here (https://community.sophos.com/kb/en-us/123323) to set up an MPLS failover to a VPN between two XGs. The MPLS connection has been working just fine for months, but it had been configured as a LAN connection. I reconfigured it on both ends to be in the WAN zone as the instructions require, and set the IPsec failover command in the console. The result is failed MPLS monitoring, and the connection has "successfully" failed-over to the VPN. I can't seem to figure out how to get the MPLS to connect though.

One difference in my setup compared to the instructions is that I don't have router IPs on each end of the MPLS. We are simply given a straight, end-to-end private connection, and the IP address is determined by the XG on each end. So, I have 10.0.0.1 as the address on the HO, and 10.0.0.2 on the BO. I told the monitor on each XG to PING the corresponding IP address on the other end. I am unable to PING that address from a PC on the LAN as well, so I figure it may be a routing or firewall rule issue. However, when I PING from a PC on the HO end, the FW logs show the ICMP traffic as allowed, with the correct FW ports, but it never shows in the logs on the BO end. I need some guidance to figure out where I went wrong. It seems like it should be pretty simple, but I can't seem to figure it out.



  • Hi  

    The provided setup information should work if it is configured as per the KB article.

    Please let us know which communication mode you want to set up as the primary method to communicate, IPsec or MPLS.

    It would be great if you could share the network diagram as well.


  • My apologies. I am trying to use MPLS as the primary, with a failover to the VPN. We have better bandwidth over the MPLS, so that is our primary. 

    I used the following commands on the console (all seemed successful) to tell each XG to fail-over to the VPN, and to set the Static route as primary:

    On the HO XG:
    system link_failover add primarylink Port5 backuplink vpn tunnel BO_VPN monitor PING host 10.0.0.2
    system route_precedence set static
     
    On the BO XG:
    system link_failover add primarylink Port3 backuplink vpn tunnel HO_VPN monitor PING host 10.0.0.1
    system route_precedence set static
     
    I hope this diagram makes sense...
     
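The two `system link_failover ... monitor PING host` commands above make each XG decide, from a stream of ICMP probe results, whether traffic should ride the MPLS port or the IPsec tunnel. The following Python is an added example, not Sophos code and not from the KB article: it models that decision with consecutive-failure and consecutive-success thresholds, so a single lost probe does not flap the route, and shows why a monitor whose probes all fail (the poster's symptom) sits on the backup tunnel even when the tunnel itself is healthy. The thresholds (3/3), the probe interval, and the `ping_once()` helper are assumptions; the page does not state the XG's real values, and `ping_once()` assumes Linux iputils `ping`.

```python
"""Ping-monitored primary/backup link failover, modelled in Python.

Added example, not Sophos XG code. It models the decision a
`system link_failover ... monitor PING host <ip>` rule has to make: keep
routing over the primary (the MPLS port), fail over to the backup (the IPsec
tunnel) after a run of lost probes, and fail back only after a run of good
probes, so one dropped ping does not flap the route.
Assumptions not stated on the page: the XG's real thresholds and interval are
unknown, so 3 failures / 3 successes are illustrative; ping_once() assumes
Linux iputils ping with -c/-W/-I.
"""
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class LinkFailover:
    primary: str                  # e.g. "Port5", the MPLS interface
    backup: str                   # e.g. "vpn tunnel BO_VPN"
    monitor_host: str             # e.g. "10.0.0.2", the far-end MPLS address
    fail_threshold: int = 3       # consecutive lost probes before failing over
    recover_threshold: int = 3    # consecutive good probes before failing back
    active: str = field(init=False)
    events: List[str] = field(default_factory=list, init=False)
    _fails: int = field(default=0, init=False)
    _oks: int = field(default=0, init=False)

    def __post_init__(self) -> None:
        self.active = self.primary

    def observe(self, reachable: bool) -> str:
        """Feed one probe result; return the link that should carry traffic."""
        if reachable:
            self._oks += 1
            self._fails = 0
            if self.active == self.backup and self._oks >= self.recover_threshold:
                self.active = self.primary
                self.events.append(f"fail back to {self.primary}")
        else:
            self._fails += 1
            self._oks = 0
            if self.active == self.primary and self._fails >= self.fail_threshold:
                self.active = self.backup
                self.events.append(f"fail over to {self.backup}")
        return self.active


def simulate(fo: LinkFailover, probe_results: List[bool]) -> List[str]:
    """Replay a sequence of probe results; return the active link after each one."""
    return [fo.observe(r) for r in probe_results]


def ping_once(host: str, iface: Optional[str] = None, timeout_s: int = 1) -> bool:
    """One ICMP probe (assumes Linux iputils ping). -I pins the probe to the
    monitored interface so a reply that arrived via another route, e.g. the
    tunnel, does not count as the MPLS being up."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s)]
    if iface:
        cmd += ["-I", iface]
    cmd.append(host)
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


# Constructed probe history, not a capture from the thread: the MPLS peer is
# unreachable for four probes (the poster's symptom), answers once, drops
# once, then answers steadily.
SAMPLE_PROBES = [False, False, False, False, True, False, True, True, True, True]


if __name__ == "__main__":
    fo = LinkFailover("Port5", "vpn tunnel BO_VPN", "10.0.0.2")
    for reachable, link in zip(SAMPLE_PROBES, simulate(fo, SAMPLE_PROBES)):
        print(f"probe {'ok  ' if reachable else 'lost'} -> route via {link}")
    print(fo.events)
```

Run stand-alone it prints the route chosen after each probe and the two transitions; with every probe lost, as in the thread, the model never leaves the backup tunnel, which matches the "successfully failed-over" state the poster describes. The `-I` pinning in `ping_once()` is the check worth keeping in mind: a monitor probe that can be answered over the tunnel tells you nothing about the MPLS port.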