Skip to content

SD-WAN routes

Software-defined WAN (SD-WAN) adds a layer of software intelligence to your WAN infrastructure.

SD-WAN routes deliver zero-impact failover with performance SLAs for multiple gateways, enabling you to optimize your WAN infrastructure. See SD-WAN routing behavior.

You can route traffic based on applications, users and groups, and network criteria, such as the incoming interface, source and destination networks, and services. You can implement Service Level Agreements (SLA) for gateway performance.

SD-WAN on Sophos Firewall and Sophos Central

SD-WAN routes on Sophos Firewall enable you to implement routing decisions based on the criteria you specify. To route traffic through more than two gateways and apply SLAs, you can select an SD-WAN profile in the SD-WAN route.

To connect your head office and branch offices in a hub-and-spoke, multiple-hub-spoke, or full mesh network with SD-WAN IPsec tunnels, you can configure SD-WAN connection groups on Sophos Central.

  • SD-WAN routes


    Route traffic based on applications and users from Sophos Firewall. Select an SD-WAN profile to route through multiple gateways using SLAs.

    SD-WAN routes on Sophos Firewall

  • SD-WAN connection groups


    Connect the head office and all your branch offices through automatically created IPsec tunnels using firewall connection groups from Sophos Central.

    SD-WAN connection groups on Sophos Central

Leveraging SD-WAN routes

You can optimize MPLS, ISP, LTE links, and IPsec tunnel (XFRM) interfaces with zero-impact failover using SD-WAN profiles. Additionally, you can configure routes based on network criteria and business requirements.

  • Performance SLAs


    Enforce zero-impact failover across multiple gateways based on SLAs for jitter, latency, and packet loss in the SD-WAN profile you select.

    SD-WAN profiles

  • User and application-based routes


    Match traffic based on users and groups, application objects, and network criteria in the SD-WAN route.

    SD-WAN routes

SD-WAN monitoring and logging

You can monitor the performance of gateways used in SD-WAN profiles and routes and see detailed SD-WAN logs.

  • SD-WAN monitoring


    Real-time gateway performance for latency, jitter, and packet loss.

    SD-WAN performance

  • SD-WAN logs


    Logs for SD-WAN routes, profiles, and SLAs.

    SD-WAN logs