Sophos XG Firewall: Introducing SD-WAN Policy Routes in v18


  • This article introduces a new feature in Sophos XG Firewall running firmware version 18 Early Access Program (EAP).

What is it?

  • SD-WAN policy routing allows you to implement routing decisions based on the policies that you specify. It enables you to override routing based on destination IP addresses and routing tables.
  • You can specify the SD-WAN policy routing criteria, such as source and destination networks, services, and primary and backup gateways.
  • These policy routes allow you to specify gateway failover and failback, using a combination of connections, for example, MPLS, VPN, and broadband. You can also route critical applications and bandwidth-sensitive traffic, such as VoIP, through high-speed ISP links.
  • You can create IPv4 and IPv6 SD-WAN policy routes. You can also create policy routes for the reply packets of system-generated traffic on non-WAN zone interfaces.

What is the difference between Policy Route in v17 and SD-WAN Policy Route in v18?

  • In v17.x, PBR-XG2 does not apply to reply traffic. The reply from client-2 follows the WAN link/IPSec instead of MPLS-1.
  • In v18, the above scenario works properly. PBR-XG2 applies even to reply traffic.


  • Policy routes apply to reply traffic (the scenario in the diagram above).
  • Policy routes apply to system-generated traffic.
