Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 669 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Nail RED-Tunnel to specific WAN interfaces

Dennis Groppe

Hi,

I have a question about something I think it should be possible somehow....

We have a head office and two branch office, each of them with a Sophos XG firewall. All of them have two WAN interfaces (1. Fiber and 2. DSL). I would like to use *only* the Fiber-WANs for my RED-tunnels. For the RED server site, I can define which WAN-IF is used by setting the public IP of this WAN-IF as RED-Server in the branch offices.

But can't I force the RED clients to use Fiber-WAN-IF to establish the RED connection (ISP1 and ISP3 as example in the picture)? I cannot find an option to do this. Now, sometimes the Fiber-WAN and sometimes the DSL-WAN is used, one sees it in Network > Interfaces > RED on the RED server by looking at the IPs listed at "Online From...".

We already tried with SD-WAN-rules with Fiber-WAN as primary WAN-IF, but that did not work. The DSL-IFs are less fast, less reliable and has higher latency, which is not good as datatransfers via SMB and SIP-services go past the RED tunnels, for example.

Any hints how to solve this are appreciated Slight smile



This thread was automatically locked due to age.
Parents
  • 0

    You may use sd-wan routing to send outbound RED-traffic to a specific WAN / ISP.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Ok, sounds good, we already tried with a SD-WAN route. But I'm afraid we did not get it right for now...

    How I have to configure this rule to work properly? On the branch office I tried with

    Interface ANY, Source ANY, Destination ANY, Service = the RED ports 3400/3400 and then as primary WAN to use the Fiber-WAN-connection.

    But doesn't matter, still DSL is used. Or do I have to choose the specific RED-Connection as "incoming interface"?

Reply
  • 0 in reply to dirkkotte

    Ok, sounds good, we already tried with a SD-WAN route. But I'm afraid we did not get it right for now...

    How I have to configure this rule to work properly? On the branch office I tried with

    Interface ANY, Source ANY, Destination ANY, Service = the RED ports 3400/3400 and then as primary WAN to use the Fiber-WAN-connection.

    But doesn't matter, still DSL is used. Or do I have to choose the specific RED-Connection as "incoming interface"?

Children
Unfiltered HTML