This discussion has been locked.

PROBLEM WITH SD-WAN POLICY

Hi!

I have created an SD-WAN policy so that the devices of a VLAN go out to the Internet through a specific WAN line. It works.

However, the devices of said VLAN can no longer access a device on another VLAN, which they could before the SD-WAN rule.

If I disable the sd-wan policy, computers can again access that computer.

I assume that the sd-wan policy uses the wan interface to try to access the lan vlan, which I know is not possible.

What can I do? Why does it happen?

Thank you very much.



This thread was automatically locked due to age.
  • Hello!!!

    Thanks for your answer, but I can't find a way to make it work. This is how I have the SD-WAN policy:

    This way, RED_Invitados goes out to the Internet where the SD-WAN rule indicates: (this is from one PC on the Red_invitados network)

    (but I can't get into the internal network I want)

    If I change the destination network to: (only this change)

    the public IP changes:
    and that means that the SD-WAN policy does not take the traffic from that network to the Internet where I want.
    (but I still can't get into the internal network I want).

    If I disable the SD-WAN rule I can get to the network I want, but the public IP is 81.x.x.x instead of 195.x.x.x

    Any ideas??? Thank you very much!!!!!


  • Hey,

    Ensure it has a FW rule too, and make sure to follow the first 6 steps mentioned in the Traditional Settings For Primary and Backup Gateway section:
    Sophos Firewall v19: How to Choose The Gateway For A Firewall Rule

  • Hi

    That FW rule already exists.

    Is there a way to route a specific VLAN network's traffic to a specific WAN via FW rules?

    I think if I dispense with the SD-WAN policy it could work for me.
    I think what happens is that the SD-WAN policy takes the traffic through the WAN interface of the policy and is not able to interpret that it is LAN traffic, not LAN to WAN.

  • Hi, I suspect your VLAN connection is breaking due to the route precedence set on XG, which gives the SD-WAN route the highest precedence. To avoid such an issue you may set the static route precedence first. After that, enable the SD-WAN rule for that VLAN again and confirm the communication (internal and outside; both should work in the expected way).

    Reference: docs.sophos.com/.../index.html
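    As an added illustration (not code from the thread, from Sophos, or from the poster), here is a small Python model of the route-precedence lookup described above. The addressing is invented: 10.10.0.0/24 stands in for RED_Invitados, 10.20.0.0/24 for the other VLAN, and the WAN names reuse the 81.x.x.x / 195.x.x.x placeholders from the thread. The precedence orders, the treatment of the default gateway as a last-resort fallback outside the precedence list, and longest-prefix matching within a route class are assumptions of the model, not a description of the firewall's internals.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    kind: str                    # "static", "sdwan_policyroute" or "vpn"
    src: ipaddress.IPv4Network   # source match, 0.0.0.0/0 means any
    dst: ipaddress.IPv4Network   # destination match, 0.0.0.0/0 means any
    egress: str                  # interface / gateway the packet leaves by


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed routing table (hypothetical addressing, not taken from the thread).
GUEST_VLAN = net("10.10.0.0/24")    # stands in for RED_Invitados
SERVER_VLAN = net("10.20.0.0/24")   # the internal VLAN the guests should still reach
ROUTES = [
    # directly connected VLAN, modelled as a static route
    Route("static", net("0.0.0.0/0"), SERVER_VLAN, "VLAN20 (directly connected)"),
    # SD-WAN policy route: guest VLAN -> Any destination via the second WAN link
    Route("sdwan_policyroute", GUEST_VLAN, net("0.0.0.0/0"), "WAN2 (195.x.x.x)"),
]
# Assumption: the WAN default gateway is a last resort, outside the precedence list.
DEFAULT_GATEWAY = "WAN1 (81.x.x.x)"

# Assumed orders: SDWAN_FIRST mirrors the situation before the change, STATIC_FIRST
# is the order produced by "system route_precedence set static sdwan_policyroute vpn".
SDWAN_FIRST = ("sdwan_policyroute", "vpn", "static")
STATIC_FIRST = ("static", "sdwan_policyroute", "vpn")


def lookup(src_ip: str, dst_ip: str, precedence, routes=ROUTES) -> str:
    """Return the egress for a packet, consulting route classes in precedence order.

    The first class that has any matching route wins; within that class the most
    specific destination prefix is chosen. Nothing matching falls back to the
    default gateway.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for kind in precedence:
        matches = [r for r in routes if r.kind == kind and src in r.src and dst in r.dst]
        if matches:
            return max(matches, key=lambda r: r.dst.prefixlen).egress
    return DEFAULT_GATEWAY


def compare(src_ip: str, dst_ip: str) -> dict:
    """Egress chosen for the same flow under both precedence orders."""
    return {
        "sdwan_first": lookup(src_ip, dst_ip, SDWAN_FIRST),
        "static_first": lookup(src_ip, dst_ip, STATIC_FIRST),
    }


if __name__ == "__main__":
    # Guest host talking to the internal VLAN: with SD-WAN routes first, the Any
    # destination policy swallows the flow and sends it out the WAN link.
    print("guest -> internal:", compare("10.10.0.5", "10.20.0.7"))
    # Guest host going to the Internet: the policy route still applies either way.
    print("guest -> internet:", compare("10.10.0.5", "203.0.113.10"))
    # A host from another VLAN is unaffected by the policy and uses the default gateway.
    print("other -> internet:", compare("10.30.0.5", "203.0.113.10"))
```

    Running the script shows the symptom from the thread: with the SD-WAN class consulted first, guest traffic for the internal VLAN is handed to WAN2, while putting static routes first lets the directly connected route win for that flow and still leaves Internet-bound guest traffic on WAN2.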

  • Hi.

    We have executed in the console:

    system route_precedence set static sdwan_policyroute vpn

    The command changed the routing order, but it doesn't work.

  • Hi, thanks for sharing the latest update. After changing the precedence, what is the observation in TCPDUMP and the drop packet capture? Is the packet getting dropped on XG or not for ICMP, if you are testing with PING? If it still remains unresolved, I would suggest opening a support case to review the logs and settings further and to fix it, and share the case ID here for reference.