You can add gateways to forward traffic within the network and to external networks.
You can add IPv4 and IPv6 gateways. You can also edit, clone, and delete custom gateways.
Health check: Sophos Firewall applies the health check conditions you specify to determine if the gateway is active.
Gateway zones: You can assign a zone to custom gateways. Sophos Firewall only applies the zone to traffic when the gateway is assigned to a matching SD-WAN policy route.
Gateway zones apply to SD-WAN policy routes created in 18.0 MR2 and later. They don't apply to policy routes migrated from earlier versions to 18.0 and later.
The following rules apply to custom gateways and the zones assigned to them:
- VPN zone: You can't assign a VPN zone to custom gateways.
- Automatically created gateways: When you configure a physical WAN interface, Sophos Firewall automatically creates a gateway. You can't change the zone for these gateways from Routing > Gateways.
Gateway load balancing: You can only implement load balancing over gateways configured with a physical WAN interface. To see these gateways, go to Network > WAN link manager.
Custom gateways don't participate in load balancing even when you assign a WAN zone to the gateway.
Use case: Use the gateway zone to create SD-WAN policy routes for network hosts (example: servers) located in different zones. The zone setting enables you to apply firewall rules based on the gateway zone.
Indicators of gateway status:
: Active gateway
: Inactive gateway