
AWS VPN + BGP , up and down .

Hi there

Have set up a VPN to AWS from an XG on v19.5 firmware.

I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN.

The BGP and VPN come up; however, once up, the WAN interface seems to go online/offline intermittently and the firewall becomes intermittently controllable remotely over the WAN UI management interface. Over a period of 300 pings, I'll lose about 30% of pings as the WAN interface stops responding.

If I remove the VPN config, the firewall becomes stable again.

Are there any known issues with VPNs into AWS?



  • Have noticed that the firewall is trying to use the VPN as the default route when the WAN pings drop.

    Below are two route dumps: the top one is from when the firewall is responding to ping on the WAN interface, and the bottom is from when the firewall isn't responding to ping but the VPN is up.

    Any idea how to remove 0.0.0.0/0 as the default route into AWS via the VPN? I think that would fix the issue.

  • Figured out the issue. I had to use BGP filters to filter out the 0.0.0.0/0 route being learnt from AWS. This step doesn't seem to be listed in the official XG documentation.
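The fix in the last reply is an inbound BGP prefix filter that drops the default route learnt from the AWS neighbor while still accepting the VPC prefixes. The example below is an added illustration, not code from the thread or from Sophos: it models the usual prefix-list semantics (exact match unless `ge`/`le` is given, first match wins, implicit deny at the end) and renders the resulting policy in FRR/Quagga syntax. The AWS neighbor address, the VPC prefixes and the policy name `AWS-IN` are assumed values, and the XG's own BGP filter screen is not reproduced here. It also shows the common mistake of writing `deny 0.0.0.0/0 le 32`, which matches every prefix and silently drops the VPC routes too.

```python
"""Model of an inbound BGP prefix filter that strips a learnt default route.

Added example: the prefixes, neighbor and policy name below are constructed
assumptions, not values from the original thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class PrefixListEntry:
    action: str            # "permit" or "deny"
    prefix: str            # covering prefix, e.g. "0.0.0.0/0"
    ge: Optional[int] = None   # minimum prefix length to match
    le: Optional[int] = None   # maximum prefix length to match

    def matches(self, route: str) -> bool:
        """Prefix-list match: exact unless ge/le widens it to a length range."""
        net = ipaddress.ip_network(self.prefix, strict=False)
        r = ipaddress.ip_network(route, strict=False)
        if self.ge is None and self.le is None:
            return r == net                      # exact match only
        if not r.subnet_of(net):                 # must sit inside the covering prefix
            return False
        lo = self.ge if self.ge is not None else net.prefixlen
        hi = self.le if self.le is not None else r.max_prefixlen
        return lo <= r.prefixlen <= hi


def apply_prefix_list(entries: List[PrefixListEntry], routes: List[str]) -> List[str]:
    """Return the routes accepted from the neighbor: first match wins, implicit deny."""
    accepted = []
    for route in routes:
        for entry in entries:
            if entry.matches(route):
                if entry.action == "permit":
                    accepted.append(route)
                break                            # first matching entry decides
    return accepted


def render_frr(name: str, entries: List[PrefixListEntry]) -> str:
    """Render the policy as FRR/Quagga 'ip prefix-list' lines (seq 5, 10, ...)."""
    lines = []
    for seq, e in enumerate(entries, start=1):
        parts = [f"ip prefix-list {name} seq {seq * 5} {e.action} {e.prefix}"]
        if e.ge is not None:
            parts.append(f"ge {e.ge}")
        if e.le is not None:
            parts.append(f"le {e.le}")
        lines.append(" ".join(parts))
    return "\n".join(lines)


# Constructed sample: what an AWS VGW might advertise, including the default.
AWS_ROUTES = ["10.0.0.0/16", "10.0.1.0/24", "0.0.0.0/0"]

# Correct filter: deny the default exactly, then permit everything else.
AWS_IN = [
    PrefixListEntry("deny", "0.0.0.0/0"),
    PrefixListEntry("permit", "0.0.0.0/0", le=32),
]

# Broken variant: 'deny 0.0.0.0/0 le 32' matches every prefix, so nothing is accepted.
BROKEN_AWS_IN = [
    PrefixListEntry("deny", "0.0.0.0/0", le=32),
    PrefixListEntry("permit", "0.0.0.0/0", le=32),
]


def main() -> None:
    print(render_frr("AWS-IN", AWS_IN))
    print("neighbor 169.254.10.1 prefix-list AWS-IN in   # assumed AWS tunnel peer")
    print("accepted:", apply_prefix_list(AWS_IN, AWS_ROUTES))
    print("accepted with broken filter:", apply_prefix_list(BROKEN_AWS_IN, AWS_ROUTES))


if __name__ == "__main__":
    main()
```

With `AWS_IN` applied inbound, the VPC prefixes are still installed and the WAN default route is left alone; the broken variant shows why the deny entry must be an exact match rather than a length range.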