
XG to XG with Multi-WAN?

Hi!

I'm wondering how the XG chooses an uplink for XG-to-XG VPN communication (using "virtual RED").

In my setup, my branch XG is connected to two WAN lines (using a 50/50 load balancing strategy) and regardless of how I set the load balancing values, it seems that the RED tunnel is always using the first WAN interface.

Is there any possibility to change this?



  • Hi oxident

    With an XG to XG RED tunnel you'll need to configure the RED which works in Client Mode. You can define the Central Site IP to which the RED Client XG connects in the RED Interface Settings (Network -> Interfaces -> 'name of RED interface'). I don't know if you can change this on the fly or if you'll need to recreate the RED interface - at the moment no test setup.

    With a real RED it is done at the Central Site:

    If you edit the RED Interface (Network -> Interfaces -> 'name of RED interface') you can configure which public IP or hostname is used by the RED.

    You could even configure load balancing / failover.

    Yours, Lukas

  • Hello Lukas,

    thanks for your reply. Yes, it is possible to change the IP of the RED server afterwards, but I guess this isn't related to my question ;-)

    I was wondering how the XG determines which WAN gateway to choose for outgoing RED connections. As far as it looks to me, the RED just uses the first available ("up") gateway and there's no way to use the XG's built-in load balancing / failover for the RED functionality or even a possibility to "bind" a RED client to a specific WAN port.

  • I have the same doubt.

    How does the XG determine which WAN gateway to choose for outgoing RED connections, and is there any way to force the traffic through one interface and have failover/failback in case of failure of the primary WAN?

  • I have this same question.  Moving some sites that are having IPSec issues over to RED and being able to control the gateway the RED tunnel connects on is ideal (just like with an actual RED appliance).

    I'm engaging Sophos and will update if/when I get anywhere with this.

    Thanks,

    John

  • I've also been wondering about this. On an XG115w_XN03_SFOS 17.0.8 MR-8 client office with isp1 on port2 and isp2 on port4, even if a /32 static route is added for the IP of the RED server pointed at the isp2 gateway IP on port4, the client XG RED still establishes on isp1, as verified from the "uplink ip" field of the RED server XG interface after reboot. What methods are available to control the RED branch WAN interface, and how is the XG determining which ISP interface to use for RED?

  • Same behavior on SFOS v17.1.2 MR2. The RED client interface on the client XG seems to bind to the lowest-numbered WAN zone port associated with a gateway designated active in the network >> wan link manager screen (maybe, I haven't done large-scale testing). A partial workaround, other than disconnecting network cables from WAN interfaces, could be to set other WAN links from active to backup in that screen to force RED over any remaining active WAN link. Non-RED traffic could be redirected to any backup ISP WAN link instead of the active link through either firewall rule primary/backup gateway, static routes, or policy routes. With this workaround, WAN load balancing seems lost. Voting may help: ideas.sophos.com/.../31790149-red-xg-to-xg-client-side-multiple-wan-link-fail-ov