SD WAN Policy Routing Complete Understanding
Overview:
In this article we will look at what SD WAN policy routing is and how to configure it in detail.
What Is SD WAN Policy Routing?
With SD WAN policy routing, we can route traffic according to the policies we define. Traffic can be sent through different gateways based on the services and applications in use. We can also configure SD WAN policy routes so that specific networks forward traffic through specific gateways for specific uses.
We will work through SD WAN policy routing using different applications. I have two WAN links, and my requirement is to forward traffic based on the type of traffic.
Names Of WAN Links:
WAN Link1: Gateway1
WAN Link2: Gateway2
Make sure both gateways are in the ACTIVE state; an SD WAN policy route can forward traffic only through active gateways.

Requirement-1: Route All Email Traffic Through Gateway1
Log in to the Sophos firewall, click on Routing >> SD WAN policy routing, and then click on Add SD WAN policy route.

As shown in the above screenshot, make sure the incoming interface is any internal interface. Since you need to route the email traffic, select SMTPS, SMTP, SMTPS_465, POP, POPS, IMAP and IMAPS in the services section.
Since you are selecting all email services, all the email traffic will match this rule.
In the bottom section, we can select the primary gateway and the backup gateway. I have selected Gateway1 as the primary gateway and Gateway2 as the backup gateway, to be used if the primary gateway fails.
Requirement-2: Route Specific Application Traffic Through Gateway2
Our requirement in this section is to route all the Microsoft Teams traffic through Gateway2.
Log in to the firewall, click on Routing >> SD WAN policy routing, and then click on SD WAN policy route.
Step-1:
Click on Add new application under application object:

Then select the Microsoft Teams application, as shown in the image below.

Now save the application object by clicking the Save button, as shown in the above image.
Once you have added the application, you can configure the primary gateway as Gateway2 and the backup gateway as Gateway1.

Now all the Microsoft Teams traffic will pass through Gateway2. If Gateway2 fails, Teams traffic will pass through Gateway1.
Requirement-3: Route Specific User and Specific Group Traffic Through Gateway1
Now our requirement is to forward the traffic of a specific user and group through Gateway1.
You need to add the concerned user “seshu” and “Guest Group” in the users and groups section of the SD WAN policy route.

Under users and groups I selected the user seshu, with Gateway1 as the primary gateway, so that all of seshu's traffic will be forwarded to Gateway1. If Gateway1 fails, traffic will be routed through Gateway2.
SD WAN Policy Route Status:
Green: Primary or backup gateway is up and the policy route is live.
Red: Gateway is down and the policy route isn’t live. Override gateway monitoring is off.
Yellow: Gateway is down and override gateway monitoring is on.
Hover over the status icon to view the statuses of the primary and backup gateways and the override gateway monitoring setting.
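The three routes above and the status colours can be checked offline with a small model. This is an added example, not Sophos code or output: the class, field and route names, the sample flows, top-down first-match evaluation and skipping a route that is not live are all assumptions made for illustration, and forwarding with override gateway monitoring on is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyRoute:                                   # hypothetical model, not a Sophos API
    name: str
    primary: str
    backup: str
    services: set = field(default_factory=set)      # empty set = match any
    applications: set = field(default_factory=set)
    users_groups: set = field(default_factory=set)
    override_monitoring: bool = False

    def matches(self, flow):
        if self.services and flow.get("service") not in self.services:
            return False
        if self.applications and flow.get("application") not in self.applications:
            return False
        who = {flow.get("user"), flow.get("group")}
        return not self.users_groups or bool(who & self.users_groups)

    def live_gateway(self, up):
        # Primary first, then backup; None when both are down.
        return next((g for g in (self.primary, self.backup) if g in up), None)

    def status(self, up):
        # Colours follow the status list in this article.
        if self.live_gateway(up):
            return "green"
        return "yellow" if self.override_monitoring else "red"

ROUTES = [  # Requirement-1, -2 and -3 from this article
    PolicyRoute("email", "Gateway1", "Gateway2",
                services={"SMTP", "SMTPS", "SMTPS_465", "POP", "POPS", "IMAP", "IMAPS"}),
    PolicyRoute("teams", "Gateway2", "Gateway1", applications={"Microsoft Teams"}),
    PolicyRoute("seshu-guest", "Gateway1", "Gateway2", users_groups={"seshu", "Guest Group"}),
]

def select(flow, up, routes=ROUTES):
    """Return (route name, gateway) for the first live matching route, else None."""
    for r in routes:                                 # assumption: evaluated top-down
        gw = r.live_gateway(up)
        if r.matches(flow) and gw:
            return r.name, gw
    return None                                      # no policy route applies

if __name__ == "__main__":
    flows = [{"service": "IMAPS", "user": "alice"},  # constructed sample flows
             {"application": "Microsoft Teams", "user": "seshu"},
             {"service": "HTTPS", "group": "Guest Group"}]
    for up in ({"Gateway1", "Gateway2"}, {"Gateway1"}, set()):
        print(sorted(up), [select(f, up) for f in flows], [r.status(up) for r in ROUTES])
```

Running it with only Gateway1 up shows the Teams route failing over to its backup while the other two routes stay on their primary.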
Hope this article helps you