Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 1267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Assistant with setting up MPLS

notapplemaxwindows1

Hi All, 

I am having trouble getting my MPLS to working between 2 Sophos firewalls. 

Here is my topology:

I have tried putting routes in place etc.. but cannot get it to work and just getting confused now. Is anyone able to confirm what I need to do to get traffic flowing over the MPLS Circuit?

I have the relevant firewall rules in place for site A subnet to site B subnet, but I would love it if someone could help?

Thanks all!



This thread was automatically locked due to age.
Parents
  • 0

    We have set this up sucessfully. With a) internet breakout at the MPLS Provider and b) with dedicated internet breakout. And c) with default route 0.0.0.0 and breakout on another site. On the central site basically like the setup on the picture: Terminating MPLS on a router/switch that is connected to the firewall.

    You need to set the proper static routes. You need also to define the policies (setting up explicit deny rules on both sides + putting on logging and traceroute from both sides should help).

    You also need to be sure that the local networks are actually transmitted through the MPLS (ask your provider).


Reply
  • 0

    We have set this up sucessfully. With a) internet breakout at the MPLS Provider and b) with dedicated internet breakout. And c) with default route 0.0.0.0 and breakout on another site. On the central site basically like the setup on the picture: Terminating MPLS on a router/switch that is connected to the firewall.

    You need to set the proper static routes. You need also to define the policies (setting up explicit deny rules on both sides + putting on logging and traceroute from both sides should help).

    You also need to be sure that the local networks are actually transmitted through the MPLS (ask your provider).


Children