Migrated SD-WAN policy routes

These route settings are migrated from versions earlier than SFOS 18.0, in which firewall rules contained route settings.

You can change the route name, primary and backup gateways, and the gateway monitoring decision.
  1. Go to Routing > SD-WAN policy routing. Scroll down to IPv4 or IPv6 Migrated SD-WAN policy route and click Add.
  2. Enter a name.
  3. The firewall rule ID and name identify the rule that the route migrated from. Select the tooltip to see the rule’s source, destination, service, and action settings.
    CAUTION If your route precedence specifies SD-WAN policy routes before static routes and you set Destination networks to Any, XG Firewall applies the policy route to all (external and internal) traffic, forcing your internal sources to use the WAN gateway for internal destinations.

    This is likely to occur if you migrated from an earlier version to 18.0 or changed the default route precedence. To see the route precedence, go to the command-line interface and use the following command:

    console> system route_precedence show

    If you want the internal traffic (for example, internal hosts accessing internal devices and servers) to reach the internal network directly, set the routing precedence with static routing before SD-WAN policy routing on the command-line interface.

    Example: console> system route_precedence set static sdwan_policyroute vpn

  4. The gateway specified in the firewall rule becomes the Primary gateway.

    If you delete the selected gateway, XG Firewall will delete the policy route and implement WAN link load balance to route traffic.

    If the primary gateway goes down, XG Firewall routes traffic through the backup gateway. When the primary gateway comes back up, XG Firewall routes traffic through it.

  5. If a Backup gateway was specified in the firewall rule, it is used here.

    If you delete the selected gateway, XG Firewall sets the backup gateway to None.

  6. Override gateway monitoring decision is selected during migration to replicate the behavior of the routes in the original firewall rules.
  7. Click Save.