Sophos XG RED through specific gateway

Question

We have the following scenario: 
 Sophos XG135 (SFOS 18.5.2 MR-2-Build380) Port 1 gateway to fibre internet Port 2 Gateway to VDSL Port 3 Gateway to LTE Port 4 LAN Clients Port 5 LAN Server Port 6 DMZ 
 The XG connects multible IPSEC tunnels via Port 1 (configured in VPN connection settings) We also have a RED tunnel generated on this XG to a datacenter. And here lies the problem. The RED tunnel connect somtimes through Port 1 and other times through Port 2 or 3. 
 There seems to be no gateway setting for RED. 
 In my research of this problem i found this help entry: 
 https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/SDWANPolicyRouting/index.html#system-generated-traffic-and-reply-packets 
 It says: System-generated RED traffic on UDP port 3410 is layer 2 traffic. So, SD-WAN routes don't apply to this traffic. 
 If i cannot set the gateway of a red tunnel in its config or in SD-Wan policy how can it be done? 
 We would like to set a specific gateway if possible with a backup gateway.

MayurMakvana · Accepted Answer

Hello, 
 Thank you for sharing more insight on setup! 
 Add static route for Datacenter public IP in your XG135 via any of below gateway and choose interface as well in that static route: 
 Port 1 gateway to fibre internet Port 2 Gateway to VDSL Port 3 Gateway to LTE 
 I have tested in lab and it worked for me! Below is the route precedence setting in my lab. 
 console> system route_precedence show Routing Precedence: 1. Static routes 2. VPN routes 3. SD-WAN policy routes 
 Hope this would help! 
 
 Regards, 
 Mayur Makvana

Sophos XG RED through specific gateway

Top Replies

Submitted a Tech Support Case lately from the Support Portal?