Reference: Sophos Firewall: OSPF over RED KB-000038170 Jun 17, 2020
Our general setup:
We have one HO (XGS v18.5.3) and two BOs (XGS v18.5.2).
All three XGS have two WAN interfaces connected with 2 different ISPs. I'll name them "T" and "P".
ISP T is considered the primary one.
Both WAN interfaces are set to active but with a different weight: Port2_GW-T has weight 9, Port3_GW-P has weight 1.
There are four RED tunnels. All four have a different /30 subnet and HO is RED tunnel Server for all four:
Reds1 between HO-T and BO1
Reds2 between HO-T and BO2
Reds3 between HO-P and BO1
Reds4 between HO-P and BO2
Our goal is to set up OSPF over RED for connecting these sites with dynamically updated routes and WAN uplink (RED Tunnel) redundancy.
As per reference, where the client has only one WAN interface, it is expected behavior to have two RED Tunnels connected from the same source IP on the client side and different destination IP on the server side.
Even with two WAN interfaces we have seen in our BOs (RED client) that the two tunnels are initiated through the same WAN interface: either T or P.
Q1: Is there a way to force a tunnel to initiate through a specific WAN interface so as to have two tunnels but each with another source IP? Only valid if both WAN interfaces are active, I suppose.
Q2: Keeping in mind our goal (OSPF routing), what would be the best BO setup for WAN uplink (RED Tunnel) redundancy? Active-active with different/same weight or active-backup?
Thanks for your input and suggestions