Last update: 2022-03-11

SD-WAN policy routing behavior

Consider the following if you're configuring SD-WAN policy routing:

  • If you configure Sophos Firewall as a direct proxy, the firewall doesn't apply the SD-WAN policy route to match the following:
    • Services set to HTTP. To apply the route, add a service for the direct proxy port you use, or select Any. You can see the direct proxy port on Web > General settings, under Web proxy listening port.
    • A source network for reply packets
    • An incoming interface for reply packets
  • You must configure at least one WAN interface (default gateway) or static route to match proxy traffic in the reply path for system-generated traffic.
  • The firewall doesn't apply SD-WAN routes to reply packets if the original traffic uses the default route (WAN link load balancing). It applies the default route, and the reply packets exit on the same interface they enter.
  • For IPv6 SD-WAN policy routes, dead gateway detection (DGD) doesn't monitor third-party network traffic (for example, SNMP).