Change Sophos XG Routing Priority/Precedence


Hi, a quick one today.

We have a customer with a Sophos XG 230, a lot of Site-2-Site VPNs and different Policy-based routes, mainly for the 3 different ISPs they have.

The default "route precedence" the Sophos XG uses is as follows:

  1. Static routes
  2. SD-WAN policy routes
  3. VPN routes

This caused issues with the VPN traffic because the firewall used the policy-based routing for a few paths rather than the VPN tunnels. I don't remember the exact problem, but I do remember that I needed to change the priority.


Here is how to change it. SSH into the device and select "Device Console".

    fedora-kde :: ~ » ssh admin@172.16.16.16

    Sophos Firmware Version SFOS 18.0.5 MR-5-Build586

    Main Menu

        AA.  Device Activation
        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration
        4.  Device Console
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit

        Select Menu Number [0-7]: 4

To show the current precedence.

    console> system route_precedence show
    Routing Precedence:
    1.  Static routes
    2.  SD-WAN policy routes
    3.  VPN routes

Change the priority.

    console> system route_precedence set static vpn sdwan_policyroute

Another check.

    console> system route_precedence show
    Routing Precedence:
    1.  Static routes
    2.  VPN routes
    3.  SD-WAN policy routes
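The same check can be scripted against saved console output, so a firewall where SD-WAN policy routes still outrank VPN routes is flagged. This is an added example, not part of the original post or Sophos tooling; it assumes the `show` output was saved as text with one numbered entry per line, and the function names and sample strings are constructed here.

```shell
#!/bin/sh
# Added example: audit saved output of "system route_precedence show".

# Read console output on stdin, print the order as the keywords used by "set".
precedence_order() {
    awk '
        /Routing Precedence/ { in_list = 1; next }
        in_list && /^[ \t]*[0-9]+\./ {
            sub(/^[ \t]*[0-9]+\.[ \t]*/, "")   # drop the "1.  " prefix
            sub(/[ \t\r]+$/, "")               # drop trailing blanks or CR from session logs
            if ($0 == "Static routes") key = "static"
            else if ($0 == "SD-WAN policy routes") key = "sdwan_policyroute"
            else if ($0 == "VPN routes") key = "vpn"
            else { bad = 1; exit }             # unknown label: refuse to guess
            out = out (out == "" ? "" : " ") key
            n++
        }
        END { if (bad || n != 3) exit 2; print out }
    '
}

# Return 0 if VPN routes outrank SD-WAN policy routes, 1 if not, 2 if unparseable.
vpn_before_sdwan() {
    order=$(precedence_order) || return 2
    case "$order" in
        *vpn*sdwan_policyroute*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples, copied from the two outputs shown in this post.
DEFAULT_OUTPUT='Routing Precedence:
1.  Static routes
2.  SD-WAN policy routes
3.  VPN routes'
CHANGED_OUTPUT='Routing Precedence:
1.  Static routes
2.  VPN routes
3.  SD-WAN policy routes'

for sample in "$DEFAULT_OUTPUT" "$CHANGED_OUTPUT"; do
    if printf '%s\n' "$sample" | vpn_before_sdwan; then
        echo "OK: VPN routes outrank SD-WAN policy routes"
    else
        echo "WARN: SD-WAN policy routes outrank VPN routes"
    fi
done
```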

Short one today.

Till next time.

