Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 745 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing and Firewall Policy for MPLS and IPSec

Ajay Sharma1

We have a location where we have Sophos XG106 Firewall serving as Gateway. We have one MPLS link on the location. We are facing issue when we shift / redirect traffic on MPLS link to connect to HO. Static routes are working fine. We are able to reach the BO on MPLS but not vice-versa. Please refer the connectivity diagram as below. We are suspecting it is due to Firewall Rules. We are currently connected using IPSec Tunnel and have Firewall rules set to LAN to VPN and VPN to LAN.

Just unable to understand how to create Firewall Rules for MPLS as the MPLS router is in the same LAN subnet.



This thread was automatically locked due to age.
Parents
  • 0

    Hello ,

    Thank you for reaching out to the community, I have one question, the MPLS link configured on the HO and BO is configured in which zone ? Have you configured it as a WAN zone or a LAN zone or any custom DMZ or MPLS zone ? 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hello Vivek,

    Thanks for prompt response. The MPLS at BO is terminated on ISPs router and the Router at BO is in LAN Zone.

    At HO it is in DMZ but we have a L3 Distribution switch where we manage all the routing so the Firewall at HO does not come into scene, whenever the traffic is routed through MPLS from HO. Please refer the diagram below:

Reply
  • 0 in reply to Vivek Jagad

    Hello Vivek,

    Thanks for prompt response. The MPLS at BO is terminated on ISPs router and the Router at BO is in LAN Zone.

    At HO it is in DMZ but we have a L3 Distribution switch where we manage all the routing so the Firewall at HO does not come into scene, whenever the traffic is routed through MPLS from HO. Please refer the diagram below:

Children
Unfiltered HTML