Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 467 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG / system traffic / breakout

damiri

Hi,

in scenario where we have xg106 at remote office we would like to:

- push HTTP/S traffic over VPN link where we will utilize filters from xg230

- push Office365 traffic as breakout on local interface

- push Windows update traffic as breakout on local interface

- have XG system or internal traffic as local breakout. 

what would be best way to achive this? How, we have XG traffic going over VPN link instead of directly to internet. 



This thread was automatically locked due to age.
  • 0

    Hello Damiri,

    Thank you for contacting the Sophos Community.

    To route all internet traffic from your Branch Office through your HO you can reference this link, I am not sure what you mean by breakout, but I guess you want that traffic not to go out the VPN and rather the local internet, if that it’s the case you can use a combination of RBVPN and Policy Route.

    I would recommend you to check with your Sales Engineer or Prof Serv for any specific requirements in this setting.

    Regards,

  • 0 in reply to emmosophos

    I checked. Had ticket as well. I want to control traffic where is going what. So I would like to have XG system internal traffic to go straight to Sophos without going over tunnel. This results in issue with remote support (access id) as well as wrong reporting of IP addresses on Central. RBVPN wasn't available until recently (really something I didn't pay attention assuming it is available like with all other tier-1 vendors). 

    So, is this doable? 

  • 0 in reply to damiri

    Hello Damiri,

    Make sure you don't have the system traffic nat, configured to send the system originated traffic over the IPsec.

    console>show advanced-firewall

    Regards,