Wan 2 Wan routing issue

My setup is as below

I am using 2 XG firewalls with the following configuration:

Headquarters

  • WAN on Port 1 = Internet Connection A
  • WAN on Port 2 = MPLS Connection
  • LAN on Port 3 = LAN on HQ side (192.168.2.1/24)

Branch

  • WAN on Port 1 = MPLS Connection
  • LAN on Port 2 = LAN on branch side (192.168.10.1/24)

The MPLS connection has routing done between the two by the ISP. I need branch to browse through the HQ branch. I have set the HQ firewall to accept traffic from the WAN (Branch) to the WAN (Internet). However, the traffic seems not to be going to the internet once it reaches the HQ router. I do not know what I am missing. I have even tried adding SD WAN Policy routing where I have specified that traffic from the branch should be exited through the internet WAN.

Both LANs are able to see each other with no problems.

Kindly point out where I am going wrong.

Boniface



  • Hello Boniface,

    Thank you for contacting the Sophos Community!

    Are you able to see the Internet traffic arriving at the HQ Firewall and leaving the WAN interface? Can you do a tcpdump accessing a website from the branch, to see if you see the traffic arriving at the HQ, leaving the WAN interface and coming back? 

    Do you have a NAT rule to NAT this traffic as it goes out the WAN interface?

    What is the current route precedence in the HQ XG? console> system route_precedence show.

    Regards,
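
The capture check suggested in the reply, as an added example that is not part of the original thread and not Sophos tooling: it reads tcpdump lines taken on the HQ firewall and reports where branch traffic stops (never arrives, not forwarded, leaves without NAT, or no reply comes back). The capture line layout, the sample lines, the server address 203.0.113.80 and the HQ public address 198.51.100.10 are constructed assumptions; the HQ ports and the branch subnet are taken from the post.

```python
import ipaddress
import re

# Assumed line shape: "<time> <port>, IN|OUT: IP <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(r"^\S+ (?P<port>\w+), (?P<dir>IN|OUT): IP "
                  r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:")

BRANCH_LAN = ipaddress.ip_network("192.168.10.0/24")  # branch LAN from the post
MPLS_PORT, INTERNET_PORT = "Port2", "Port1"           # HQ ports from the post

# Constructed sample: the SYN reaches HQ over MPLS and leaves the Internet
# port still carrying the private branch source address.
SAMPLE = """\
10:00:01.000100 Port2, IN: IP 192.168.10.25.51000 > 203.0.113.80.443: Flags [S]
10:00:01.000200 Port1, OUT: IP 192.168.10.25.51000 > 203.0.113.80.443: Flags [S]
"""


def diagnose(capture: str, server: str) -> str:
    """Return the stage at which branch-to-Internet traffic stops at HQ."""
    arrived = left_private = left_natted = replied = False
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banners and non-IPv4 lines
        port, direction = m["port"], m["dir"]
        src_is_branch = ipaddress.ip_address(m["src"]) in BRANCH_LAN
        if m["dst"] == server:
            if port == MPLS_PORT and direction == "IN" and src_is_branch:
                arrived = True
            elif port == INTERNET_PORT and direction == "OUT":
                if src_is_branch:
                    left_private = True   # private source on the Internet side
                else:
                    left_natted = True    # source was translated
        elif m["src"] == server and port == INTERNET_PORT and direction == "IN":
            replied = True
    if not arrived:
        return "no_arrival"     # check MPLS routing / branch default route
    if left_private:
        return "missing_nat"    # no NAT rule matches WAN-to-WAN traffic
    if not left_natted:
        return "not_forwarded"  # check firewall rule and route precedence
    if not replied:
        return "no_reply"       # problem is upstream of HQ
    return "ok"
```

Run against the sample, `diagnose(SAMPLE, "203.0.113.80")` returns `missing_nat`, the case the NAT question in the reply is probing for.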
