XG 18.5.1-326 SD-WAN policy does not work with FQDN with "wildcard" but works with IP-Host

Trying to route traffic for "*.remote.innotemp.de" through a particular gateway.

Have added a FQDN host with that address and added the host to the destination of an SD-WAN policy rule.

The rule does not work, the traffic is routed through the wrong gateway.

Have added an IP-Host entry with the IP address of the host behind the FQDN.

If I add the IP-Host to the same SD-WAN policy, it works.

Am I missing something?

FormerMember

Hi Alexander, thanks for reaching out to Sophos Community.

The firewall will resolve the IP address for the FQDNs that were mentioned and allow the traffic accordingly. The same goes for SD-WAN rules. Ensure that the firewall resolves the same IP as the end system for the requested FQDN/URL.

Also, at times, changing gateways in an SD-WAN rule doesn't take effect as long as the connection is established (not applicable in the gateway failure scenario). Once you change the gateways, try deleting the connection and see if that works.

To delete the connection:

Connect via SSH, go to Option 3 > Option 5 (Advanced shell), then run: conntrack -D --orig-dst <destination_IP> (e.g. conntrack -D --orig-dst 1.1.1.1)