Hi,
When creating and SD-WAN connection group in central, we get to configuring interfaces and have the option of choosing either "SD-WAN profile" or "Primary and Backup gateways".
What is the actual difference here? It's not explained anywhere.
Is one more akin to active / active and one active / passive (not connected) ?
Thanks
Hello balletbob ,
Thank you for reaching out to the community, the follow recommended read will clarify your doubts - Sophos Firewall v19: How to Choose The Gateway For A Firewall Rule
"SD-WAN profile"
Software-defined WAN (SD-WAN) adds a layer of software intelligence to your WAN infrastructure.
SD-WAN routes deliver zero-impact failover with performance SLAs for multiple gateways, enabling you to optimize your WAN infrastructure. See SD-WAN routing behavior.
You can route traffic based on applications, users and groups, and network criteria, such as the incoming interface, source and destination networks, and services. You can implement Service Level Agreements (SLA) for gateway performance.
You can use SD-WAN profiles to define an SD-WAN routing strategy across multiple gateways in your SD-WAN network. With two or more gateways configured in your network, you can use an SD-WAN profile to route traffic based on the availability or performance of the gateways. This approach optimizes the performance of your SD-WAN network and helps ensure continuity in the event of an ISP disruption.
Where as "Primary and Backup gateways."
Just helps you route the traffic through a certain gateway you can opt to select the Primary gateway and the Backup gateway.
If you delete the backup gateway, Sophos Firewall sets the backup gateway to None. If the primary gateway goes down, Sophos Firewall routes traffic through the backup gateway. When the primary gateway comes back up, Sophos Firewall routes new connections through it. Existing connections continue to use the backup gateway.
If you delete the SD-WAN profile or the primary gateway, Sophos Firewall deletes the route and implements the default route (WAN link load balance), which load-balances traffic among the active WAN links.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hello balletbob ,
Thank you for reaching out to the community, the follow recommended read will clarify your doubts - Sophos Firewall v19: How to Choose The Gateway For A Firewall Rule
"SD-WAN profile"
Software-defined WAN (SD-WAN) adds a layer of software intelligence to your WAN infrastructure.
SD-WAN routes deliver zero-impact failover with performance SLAs for multiple gateways, enabling you to optimize your WAN infrastructure. See SD-WAN routing behavior.
You can route traffic based on applications, users and groups, and network criteria, such as the incoming interface, source and destination networks, and services. You can implement Service Level Agreements (SLA) for gateway performance.
You can use SD-WAN profiles to define an SD-WAN routing strategy across multiple gateways in your SD-WAN network. With two or more gateways configured in your network, you can use an SD-WAN profile to route traffic based on the availability or performance of the gateways. This approach optimizes the performance of your SD-WAN network and helps ensure continuity in the event of an ISP disruption.
Where as "Primary and Backup gateways."
Just helps you route the traffic through a certain gateway you can opt to select the Primary gateway and the Backup gateway.
If you delete the backup gateway, Sophos Firewall sets the backup gateway to None. If the primary gateway goes down, Sophos Firewall routes traffic through the backup gateway. When the primary gateway comes back up, Sophos Firewall routes new connections through it. Existing connections continue to use the backup gateway.
If you delete the SD-WAN profile or the primary gateway, Sophos Firewall deletes the route and implements the default route (WAN link load balance), which load-balances traffic among the active WAN links.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hello balletbob ,
For SD-WAN Orchestration I recommend you a read here - Sophos Firewall: Managing Firewall and SD-WAN Orchestration
And when you opt for this, all the respective rules and IPsec tunnel and xfrm interfaces are created automatically on the Sophos Firewall.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
