V17 to V18 Migration - Specific Gateway

Hello,

I tested V18 this weekend for hours, and I'm sure I'm missing something for my actual rules from V17 to be the same on V18...

I watched the videos of NAT explained in V18, and read the KB, but I must be dumb, I don't know... and I can't figure out how to have the same thing on V18...

Here are screenshots of my V17 rules

First, this is rule #1, with specific VLANs accessing the Internet with specific services from the specific gateway "WAN link load balance".

Second, this is rule #15, with VLAN100 accessing the Internet with all ports and all destinations, with the specific gateway "ADSL".

Then, we can see that rule #15 is on top and will be asked first by the firewall rules, and #1 is at the bottom.

I tried to do the same on V18, and tried to tweak the SD-WAN thing to use a specific gateway, but it routes all the traffic even if it is not Internet traffic (i.e. VLAN 1 to VLAN 10 RDP is routed to the default Internet gateway, which is dumb because this is internal traffic...).

So can someone explain to me the exact way to have the same 2 rules I had in V17 on V18?

Thank you.

Regards.



  • Viken,

    can you share the SD-WAN rules?

    To be honest I prefer the old method of choosing which gateway to use for each firewall rule. Now you need to move between 3 windows (Firewall, NAT and SD-WAN).

  • Luciano,

    I rolled back to 17.5.9 when I saw this was so different and I couldn't do the same things I have been doing on XG since 2016, using and managing ~50 Sophos XG firewalls.

    I think I will create a lab VM and restore my v17.5.9 backup on it, then I will migrate it to v18 and take a screenshot of the SD-WAN rules to show you what I did yesterday on the production environment.

    And to be honest too, I hated the hours testing V18 with the 3 windows (Firewall rules, NAT and SD-WAN), and I much prefer the V17 way to manage the firewall rules. But well...


    Thank you.

  • Ok Viken, let us know.

    NAT on XG v18- was not an Enterprise NAT at all, so the NAT tab was needed. For the load balancing and gateway selection straight away on the Firewall rule was very useful and simple to use.

    I fully agree with this. And if you deal with SSL/TLS encryption, more windows are needed! The new features are nice but a better UI arrangement could be done.
