Previously in V17 of the Sophos firewall firmware, the load balancing options were included in creating firewall rules under the NAT & routing options but in the V18 the options have been separated to give the user more options to specify what they require.

Below is the step by step processes involved in enabling load balancing in v18

  • 1.       Create a firewall rule, specifying the name, source and destination zones as well as the source and destination networks.

 

  • 2.       Navigate to CONFIGURE and click on Routing. Select SD-WAN policy routing and add an IPV4 unicast route.

 

 

 

 

  1. Incoming Interface enables you to specify the required interface if applicable. E.g. LAN interface, VLAN interface, bridged interfaces.

Source Networks refers to the source of the traffic. It should be the same as the one specified in creating the firewall rule.

Destination Networks: The destination network should also be the same as the one specified in the designated firewall rule.

Application Set comes with options which enable the user to specify applications pools. E.g. Messaging, Webmail, File transfer, VOIP etc.

User or Groups: This option allows you to specify users or groups in the case where applicable.

Services: enables the user to choose internet services where applicable. E.g. HTTPS, HTTP, ICMP, PING, DHCP, DNS, BGP Etc.

 

 

 

 

 

  1. Continue to select the required gateway. Specify the primary and backup gateways as desired. Tick the override gateway box if you want the traffic to only flow through the specified gateway. Only choose this option when you want the firewall to ignore the status of the chosen gateway(s). In this case even when the gateway is down the traffic will not be routed through any other gateway aside the specified one.

 

 

 

 

 

 

  1. A green link light means either the primary or backup gateways are up, a red link light means both active and backup gateways are down and an amber link light means both the primary and backup gateways are down but the override gateway monitoring is enabled.

 

 

Follow the link below to get more details on how to use the Routing option

https://community.sophos.com/xg-firewall/f/recommended-reads/118888/sophos-xg-firewall-v18-how-to-choose-the-gateway-for-a-firewall-rule