SD-WAN routing with 2 P2P Links

Hello Community,

We have a scenario wherein we have a branch location, and the location is connected using 2 P2P links. At the HO side we have a Sophos XG330, and at the BO it's a SonicWall.

The P2P links on the XG330 are in the DMZ zone. We have created a custom gateway and have configured an SD-WAN route (refer to the screenshot). The route precedence is set to:

console> system route_precedence sh
Routing Precedence:
1.  SD-WAN policy routes
2.  VPN routes
3.  Static routes

The issue is that we are not able to ping / reach the Branch Local LAN with this. The moment we add a static route, we are able to reach it.



  • Hello  ,

    Thank you for reaching out to the community. Is the health check on your custom gateway on? What is the status of your custom gateway? Could you share a screenshot?
    On the CLI, select option 4. Device Console. Can you share the output of the command given below?
    > system diagnostics utilities route lookup <destination IP>

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • Hello Vivek,

    Health check is on. Currently, out of 2 links, 1 link is up.

    Output of system diagnostic utilities route lookup

    console> system diagnostics utilities route lookup 10.3.0.1
    10.3.0.1 is located on the Port3
    10.3.0.1 is reached through the router 103.xx.xxx.x1
    console>

    The router IP is the WAN port of the ILL on Port3.

  • Hello Ajay,

    Kindly share the details of the firewall rules created.

    Later, initiate the ping from the LAN to MPLS network and collect the tcpdump on destination IP and observe whether it is being sent out via the specified port or not.

    You may also try linking the NAT on the firewall rule created, and if that still does not help, raise a ticket with support to investigate it further and DM me the case ID.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support


  • Hello Mayank,

    Both the P2P Links are in DMZ Zone. We have created the Rule for LAN to DMZ and DMZ to LAN. Also, we are able to ping the BO End Interface IP (172.16.16.6).

    Interface Zone:

    Rules:

    I'll try linking the NAT rule for the same, and revert to you with the tcpdump too.