Sophos XG 18.0.0 GA-Build379 Wan Failover not working properly for long lasting udp connections

Hi Halino 

Thank you for reaching out to the Community!

Could you please provide the output of the following command from the console: system route_precedence show

Follow this KBA to access the firewall via SSH: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility. 

Type 4 to access the Device console. 

Thanks,

Hi  do you have any suggestion?

Hi Halino 

I have replied via PM to verify your fail-over configuration detail; please reply to my PM.

Thanks,

Hi,

didn't receive any PM. Can you check?

SD-WAN is a Routing Decision for a Session.

This will be made by the first packet of the session and remain for ever. If another packet comes, it will use the already set connection decision. 

There is a option in WAN Link Manager:

Called: 

It will kill all connections, if the Gateway will comes back up. Therefore the session is considered as "NEW" and will use another gateway. 

This is usable by Backup WAN Interfaces. 

Backup WAN Interfaces can be used (called) by SD-WAN Rules. 

So you could use ACTIVE-BACKUP WAN Interfaces and tell XG to destroy everything after failback. 

SD-WAN is a Routing Decision for a Session.

This will be made by the first packet of the session and remain for ever. If another packet comes, it will use the already set connection decision. 

There is a option in WAN Link Manager:

Called: 

It will kill all connections, if the Gateway will comes back up. Therefore the session is considered as "NEW" and will use another gateway. 

This is usable by Backup WAN Interfaces. 

Backup WAN Interfaces can be used (called) by SD-WAN Rules. 

So you could use ACTIVE-BACKUP WAN Interfaces and tell XG to destroy everything after failback. 

Hi,

this is working for tcp, but seems not to work for udp flows.