SD-WAN policy routing
Software-defined WAN (SD-WAN) adds a layer of software intelligence to your WAN infrastructure.
You can route traffic based on SD-WAN policy routing criteria, such as the incoming interface, source and destination networks, services, application objects, users, and user groups. You can specify the primary and backup gateways to route the traffic through.
If both gateways are unavailable, Sophos Firewall evaluates other SD-WAN policy routes. If it doesn't find another matching policy route, it applies the default route (WAN link load balancing). The default route load-balances traffic among the active WAN links. For more details of active WAN links, go to Network > WAN link manager.
SD-WAN policy routes allow you to specify gateway failover and failback using a combination of connections, for example, MPLS, VPN, and broadband. You can also route critical applications and bandwidth-sensitive traffic, such as VoIP, through high-speed ISP links.
You can create IPv4 and IPv6 SD-WAN policy routes.
You can do the following to configure and manage SD-WAN routes:
- To change the sequence of an SD-WAN route, drag and drop the route. Sophos Firewall evaluates routes in the order shown until it finds a match. Once it finds a match, it doesn't evaluate subsequent routes.
- Click More options for the following actions:
  - To turn on or turn off a route, use the On or Off switch.
  - To edit a route, click Edit.
  - To clone a route, click Clone.
  - To delete a route, click Delete.
Hover over the route's icon under Active to see the gateway status:
- The primary or backup gateway is up, and the policy route is live.
- The gateways are down, and the policy route isn't live. Route only through specified gateways is off.
- The gateways are down, and the policy route isn't live. Route only through specified gateways is on.
If the gateways you configure in the SD-WAN route aren't available, Sophos Firewall evaluates other SD-WAN routes. If it doesn't find another matching route, it applies the default route (WAN link load balancing), which load-balances traffic among the active WAN links. To see the active WAN links, go to Network > WAN link manager.
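The evaluation order and gateway fallback described above, as a simplified Python model for checking where a flow ends up when gateways fail (an added example, not Sophos code). Route fields, gateway names, and sample networks are constructed, matching is reduced to source and destination networks, and the drop result for Route only through specified gateways is an assumption the page doesn't state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT = "default route (WAN link load balancing)"

@dataclass
class Route:
    name: str
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    primary: str                   # primary gateway name
    backup: Optional[str] = None   # backup gateway name
    enabled: bool = True           # On/Off switch
    only_specified: bool = False   # "Route only through specified gateways"

def matches(route, src_ip, dst_ip):
    """True if the flow falls inside the route's source and destination networks."""
    return (ip_address(src_ip) in ip_network(route.src)
            and ip_address(dst_ip) in ip_network(route.dst))

def resolve(routes, gateways_up, src_ip, dst_ip):
    """Return (route name or None, gateway/decision) for one flow.

    routes: list in the order shown in the UI; gateways_up: set of live gateways.
    """
    for r in routes:
        if not r.enabled or not matches(r, src_ip, dst_ip):
            continue
        for gw in (r.primary, r.backup):
            if gw in gateways_up:
                return r.name, gw   # live match: later routes aren't evaluated
        if r.only_specified:
            # Assumption (not stated on the page): traffic is dropped here
            # instead of being handed to later routes or the default route.
            return r.name, "drop"
        # Both gateways down: keep evaluating the remaining SD-WAN routes.
    return None, DEFAULT

# Constructed sample policy: VoIP over MPLS with VPN backup, then a catch-all.
ROUTES = [
    Route("voip-mpls", "10.1.0.0/16", "10.9.0.0/16", "MPLS", "VPN"),
    Route("branch-any", "10.1.0.0/16", "0.0.0.0/0", "Broadband"),
]

if __name__ == "__main__":
    for up in ({"MPLS", "VPN", "Broadband"}, {"VPN", "Broadband"}, {"Broadband"}, set()):
        print(sorted(up), "->", resolve(ROUTES, up, "10.1.2.3", "10.9.0.5"))
```

Running it against each gateway-failure combination shows which flows meant for MPLS or VPN would leave through a broadband link or the load-balanced default route.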
Routing follows the precedence you specify on the command-line interface. The default routing precedence is static, SD-WAN, and then VPN routes.
You can see the route precedence on Routing > SD-WAN routes.