Overview
- This article introduces a new feature in Sophos XG Firewall running firmware version 18 Early Access Program (EAP).
What is it?
- SD-WAN policy routing allows you to implement routing decisions based on the policies that you specify. It enables you to override routing based on destination IP addresses and routing tables.
- You can specify the SD-WAN policy routing criteria, such as source and destination networks, services, and primary and backup gateways.
- These policy routes allow you to specify gateway failover and failback, using a combination of connections, for example, MPLS, VPN, and broadband. You can also route critical applications and bandwidth-sensitive traffic, such as VoIP, through high-speed ISP links.
- You can create IPv4 and IPv6 SD-WAN policy routes. You can also create policy routes for the reply packets of system-generated traffic on non-WAN zone interfaces.
What is the difference between Policy Route in v17 and SD-WAN Policy Route in v18?
- In v17.x, PBR-XG2 does not apply to reply traffic. The reply from client-2 follows the WAN link/IPsec instead of MPLS-1.
- In v18, the above scenario works properly. PBR-XG2 applies even to reply traffic.
Conclusion
- Policy routes apply to reply traffic (the scenario in the diagram above).
- Policy routes apply to system-generated traffic.