NAT or SD WAN Policy Routing

Hi,

We have 3 ISPs (ISP1, ISP2 and ISP3) connected to our firewall in our HQ. In our HQ we have at least 5 subnets. My question is: can I let some subnet utilize only ISP2 for internet, not just internet but fully utilize the link? The other links I need only for VPN and RED 50 connections.

I tried NAT but it does not seem to be successful. How about an SD-WAN policy?

Thanks and Best Regards,

nidz



  • Hi Vishal_R,

    Thanks for the support. If I utilize SD-WAN, do I need to specify the port, like HTTP and HTTPS? I'm thinking not just HTTP and HTTPS but all. With ANY in the Services policy, I lost ping and Remote Desktop to our branches, which are connected via RED and VPN.

    Thanks and Best Regards,

    nidz

  • Hi: It could be due to your current "route precedence" settings on XG; maybe the SD-WAN route has the 1st preference.

    You may tweak the route precedence as per your requirements, and the explanation in the help section below will give you more information:

    docs.sophos.com/.../index.html

  • Hi Vishal_R,

    You were right. This is the route precedence of my current firewall.

    console> system route_precedence show
    Routing Precedence:
    1. SD-WAN policy routes
    2. VPN routes
    3. Static routes
    console>

    In my case, should I change it to Static, VPN and SD-WAN? Sorry, I'm just new to this. If I change the precedence, will my rules and policies also be affected?

    Also, I tried HTTP and HTTPS in SD-WAN; the result is that I also cannot browse our internal web server. Maybe it is also related to the SD-WAN route precedence, meaning all my HTTP and HTTPS will be redirected to the internet.

    Thanks and Best Regards,

    Nidz

  • Hi: To be on the safer side, I would suggest you try these settings during odd hours or when there are fewer users, so you can validate the changes with minimal impact (if there is any) on your configuration and setup.

  • Hi Vishal_R,

    Thanks a lot for your suggestion. I will try this maybe tonight or this coming Friday.

    Thanks and Best Regards,

    Nidz
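
The effect discussed in this thread, as an added example that is not part of any post: a simplified Python model of first-match route precedence, showing why an SD-WAN policy route with ANY destination and service captures branch and internal traffic while SD-WAN routes are evaluated first. All addresses, route entries and gateway names are constructed assumptions, and the model ignores longest-prefix matching within a route type.

```python
import ipaddress

# Constructed sample routes (addresses and names are assumptions, not from the thread).
ROUTES = {
    "sdwan": [   # SD-WAN policy route: one LAN subnet, any destination/service -> ISP2
        {"src": "192.168.10.0/24", "dst": "0.0.0.0/0", "service": "ANY", "via": "ISP2"},
    ],
    "vpn": [     # branch network reached through the VPN/RED tunnel
        {"src": "0.0.0.0/0", "dst": "10.20.0.0/16", "service": "ANY", "via": "vpn-tunnel"},
    ],
    "static": [  # internal web server subnet behind an internal router
        {"src": "0.0.0.0/0", "dst": "172.16.5.0/24", "service": "ANY", "via": "core-switch"},
    ],
}

def _matches(route, src, dst, service):
    """True when source, destination and service all fall inside the route's selectors."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(route["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(route["dst"])
            and route["service"] in ("ANY", service))

def next_hop(precedence, src, dst, service):
    """Walk the route types in precedence order; the first type with a match wins."""
    for route_type in precedence:
        for route in ROUTES[route_type]:
            if _matches(route, src, dst, service):
                return route["via"]
    return "default-gateway"  # nothing matched in any route type

CURRENT = ["sdwan", "vpn", "static"]    # order shown by `system route_precedence show`
REORDERED = ["static", "vpn", "sdwan"]  # order the poster asks about

def compare(src, dst, service):
    """Return (next hop with current order, next hop with reordered precedence)."""
    return (next_hop(CURRENT, src, dst, service),
            next_hop(REORDERED, src, dst, service))

if __name__ == "__main__":
    client = "192.168.10.25"  # constructed host in the subnet pinned to ISP2
    for label, dst, svc in [("RDP to branch", "10.20.1.50", "RDP"),
                            ("internal web server", "172.16.5.10", "HTTPS"),
                            ("internet browsing", "93.184.216.34", "HTTPS")]:
        print(f"{label:20} current/reordered = {compare(client, dst, svc)}")
```

In this model, internet-bound traffic from the pinned subnet still leaves via ISP2 under either order; only traffic that has a more specific VPN or static route changes path.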