Migrated SD-WAN policy routes
These route settings were migrated from 17.5, in which firewall rules contained the route settings, to SFOS 18.0 or later.
You can change the route name, primary and backup gateways, and the gateway monitoring decision.
- Go to Routing > SD-WAN policy routing.
- Under either IPv4 SD-WAN policy route or IPv6 SD-WAN policy route, click Add.
- Enter a name.
The firewall rule ID and name identify the rule that the route migrated from. Select the tooltip to see the rule’s source, destination, service, and action settings.
If your route precedence specifies SD-WAN policy routes before static routes and you set Destination networks to Any, Sophos Firewall applies the policy route to all (external and internal) traffic, forcing your internal sources to use the WAN gateway for internal destinations.
This is likely to occur if you migrated from 17.5 to 18.0 or later or changed the default route precedence. To see the route precedence, go to the command-line interface and use the following command:
console> system route_precedence show
If you want the internal traffic (for example, internal hosts accessing internal devices and servers) to reach the internal network directly, set the routing precedence with static routing before SD-WAN policy routing on the command-line interface.
console> system route_precedence set static sdwan_policyroute vpn
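The precedence behavior described above, as a simplified model (an added example, not Sophos code or part of the original documentation). The route names, networks and gateways are constructed sample values, and the lookup logic is an assumption that only illustrates the ordering effect; the precedence tokens are those used in the command above.

```python
import ipaddress

# Constructed sample data: names, networks and gateways are hypothetical.
STATIC_ROUTES = [("10.20.0.0/16", "core-switch")]  # internal static route
POLICY_ROUTES = [
    {"name": "migrated_rule_5", "source": "10.10.0.0/16",
     "destination": "any", "gateway": "WAN_GW1"},
]

def _match(net, ip):
    """True if ip falls inside net, or net is the literal 'any'."""
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def lookup(precedence, src, dst):
    """Return (route_type, next_hop) from the first route type in
    `precedence` that has a matching route (simplified model)."""
    for kind in precedence:
        if kind == "static":
            # Longest-prefix match among the static routes.
            hits = [(ipaddress.ip_network(n).prefixlen, gw)
                    for n, gw in STATIC_ROUTES if _match(n, dst)]
            if hits:
                return kind, max(hits)[1]
        elif kind == "sdwan_policyroute":
            for r in POLICY_ROUTES:
                if _match(r["source"], src) and _match(r["destination"], dst):
                    return kind, r["gateway"]
        # "vpn" has no routes in this sample, so it never matches.
    return "none", None

def risky_routes(precedence):
    """Names of policy routes with Destination 'any' that are evaluated
    before static routes and would therefore capture internal traffic."""
    if precedence.index("sdwan_policyroute") > precedence.index("static"):
        return []
    return [r["name"] for r in POLICY_ROUTES if r["destination"] == "any"]

POLICY_FIRST = ["sdwan_policyroute", "vpn", "static"]
STATIC_FIRST = ["static", "sdwan_policyroute", "vpn"]

if __name__ == "__main__":
    for order in (POLICY_FIRST, STATIC_FIRST):
        # Internal host reaching an internal server.
        print(order, lookup(order, "10.10.1.5", "10.20.3.7"), risky_routes(order))
```

With policy routes first, the internal-to-internal flow is sent to the WAN gateway; with static routes first, it follows the static route while external destinations still use the policy route.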
The gateway specified in the firewall rule becomes the primary gateway.
If you delete the selected gateway, Sophos Firewall deletes the policy route and implements WAN link load balance to route traffic.
If the primary gateway goes down, Sophos Firewall routes traffic through the backup gateway. When the primary gateway comes back up, Sophos Firewall routes new connections through it. Existing connections continue to use the backup gateway.
If you specified Backup gateway in the firewall rule, this gateway is used here.
If you delete the selected gateway, Sophos Firewall sets the backup gateway to None.
Override gateway monitoring decision is selected during migration to replicate the behavior of the routes in the original firewall rules.
- Click Save.