
SD WAN Policy Routing Complete Understanding


In this article we will look at what SD WAN policy routing is and how to configure it in detail.

What Is SD WAN Policy Routing?

With SD WAN policy routing we can route traffic based on policies we define. Traffic can be routed through different gateways based on the services and applications in use. We can also configure an SD WAN policy route so that specific networks or specific users forward their traffic through specific gateways.

We will understand SD WAN policy routing through different applications. I have two WAN links, and my requirement is to forward traffic based on the type of traffic.

Names Of WAN Links:

WAN Link1: Gateway1

WAN Link2: Gateway2

Make sure both gateways are in the ACTIVE state; you can forward traffic with an SD WAN policy route only through active gateways.

[Screenshot: WAN links]

Requirement-1: Route All Email Traffic Through Gateway1

Log in to the Sophos firewall, click Routing >> SD WAN policy routing, and then click Add SD WAN policy route.

[Screenshot: Email SD WAN policy route]

As shown in the above screenshot, make sure the Incoming interface is any internal interface. Since you need to route the email traffic, in the Services section select SMTPS, SMTP, SMTPS_465, POP, POPS, IMAP and IMAPS.

Since you are selecting all email services, all the email traffic will match this rule.

In the bottom section, we can select the primary gateway and the backup gateway. I have selected Gateway1 as the primary gateway and Gateway2 as the backup gateway, in case the primary gateway fails.

Requirement-2: Route Specific Application Traffic Through Gateway2

Our requirement in this section is to route all Microsoft Teams traffic through Gateway2.

Log in to the firewall, click Routing >> SD WAN policy routing, and then click SD WAN policy route.


Click on Add new application under application object:

[Screenshot: Application SD WAN policy route, new application]

Then select the Microsoft Teams application, as shown in the image below.

[Screenshot: Application object, Microsoft Teams]

Now save the application object by clicking the Save button, as shown in the above image.

Once you add the application, you can configure the primary gateway as Gateway2 and the backup gateway as Gateway1.

[Screenshot: App SD WAN policy route, select gateways]

Now all Microsoft Teams traffic will pass through Gateway2. If Gateway2 fails, Teams traffic will pass through Gateway1.

Requirement-3: Route Specific User and Specific Group Traffic Through Gateway1

Now our requirement is to forward the traffic of a specific user and group through Gateway1.

You need to add the concerned user “seshu” and “Guest Group” in the Users and groups section of the SD WAN policy route.

[Screenshot: Users SD WAN policy route]

Under Users and groups I selected the seshu user and set the primary gateway to Gateway1, so that all seshu user traffic will be forwarded to Gateway1. If Gateway1 fails, traffic will be routed through Gateway2.

SD WAN Policy Route Status:

Green: Primary or backup gateway is up and the policy route is live.

Red: Gateway is down and the policy route isn’t live. Override gateway monitoring is off.

Yellow: Gateway is down and override gateway monitoring is on.

Hover over the status icon to view the statuses of the primary and backup gateways and the override gateway monitoring setting. 
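The three routes and the status legend above can be checked together by tabulating what happens under each gateway outage. The following is an added example, not part of the original article and not Sophos code or exported configuration; the PolicyRoute class, the scenario names and the reading of "gateway is down" as "both the primary and the backup gateway are down" are assumptions made for the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyRoute:
    name: str
    primary: str
    backup: str
    override_monitoring: bool = False  # "Override gateway monitoring" setting

# Constructed model of the three routes from this article (not exported config).
ROUTES = [
    PolicyRoute("Email services", "Gateway1", "Gateway2"),
    PolicyRoute("Microsoft Teams", "Gateway2", "Gateway1"),
    PolicyRoute("User seshu / Guest Group", "Gateway1", "Gateway2"),
]

def active_gateway(route, up):
    """Gateway the route forwards through: primary if up, else backup, else None."""
    for gw in (route.primary, route.backup):
        if up.get(gw, False):
            return gw
    return None

def status(route, up):
    """Status colour per the legend above; 'down' is read as both gateways down."""
    if active_gateway(route, up) is not None:
        return "green"
    return "yellow" if route.override_monitoring else "red"

def failover_table(routes, scenarios):
    """Map (scenario, route name) -> (active gateway, status colour)."""
    return {
        (label, r.name): (active_gateway(r, up), status(r, up))
        for label, up in scenarios.items()
        for r in routes
    }

# Constructed gateway health scenarios.
SCENARIOS = {
    "both up": {"Gateway1": True, "Gateway2": True},
    "Gateway1 down": {"Gateway1": False, "Gateway2": True},
    "Gateway2 down": {"Gateway1": True, "Gateway2": False},
    "both down": {"Gateway1": False, "Gateway2": False},
}

if __name__ == "__main__":
    for (label, name), (gw, colour) in failover_table(ROUTES, SCENARIOS).items():
        print(f"{label:14} {name:26} -> {gw or 'no live gateway':16} [{colour}]")
```

The table makes one consequence of the design visible: when either gateway fails, all three traffic classes share the surviving link, so that link has to be sized and filtered for the combined load.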

Hope this article helps you