SD-WAN and Sophos XG Firewall

The software-defined wide area network (SD-WAN) is a specific application of software-defined networking (SDN) technology applied to WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects enterprise networks, including branch offices and data centers, over large geographic distances.

In my personal experience, SD-WAN is a really good feature, and it will give users a new experience. Gone are the days when you had MPLS and Internet connections on a single device and suddenly (a bad day for the network engineer) the MPLS connection went down or was overutilized, and local or remote users started calling to say, "Voice quality is not good between Site A and B." Gone, too, are the days when you would pay a huge amount for an MPLS connection because you couldn't trust the public Internet.

Fundamentally, SD-WAN is often about achieving one or more of these four objectives:

  • Reduce connectivity costs
  • Business continuity
  • Simpler branch office VPN orchestration
  • Quality of critical applications

Today we will discuss the Sophos XG SD-WAN solution. Sophos launched SD-WAN with its 17.5 firmware. Some features are really good, and more will be added in the next version this year. Let's discuss the SD-WAN features.

Fig 1.2 - Sophos SD-WAN

WAN Links
Let's start with the fundamentals of WAN connectivity. Important considerations include offering flexible ISP and WAN connectivity options, as well as redundancy and failover in the event of downtime or failure.

Fig 1.3

XG Firewall offers support for multiple WAN links, including copper, fiber, and cellular options. XG Firewall can terminate MPLS circuits using Ethernet handoff and VDSL through our optional SFP modem.

Branch Office Connectivity
Securely connecting remote branch offices to each other, central head offices, and various cloud services is another essential component of SD-WAN. Features like affordable, flexible, and low-touch deployment are very desirable to make this as painless and cost-effective as possible while still supporting a variety of enterprise connectivity requirements.

XG Firewall offers unique RED devices and tunnel options to simply and affordably connect branch offices via SD-WAN.


VPN-Virtual Private Network
Another important capability for achieving many SD-WAN objectives is robust VPN support and easy, centralized VPN orchestration.

XG Firewall offers support for many standard site-to-site VPN options you would expect, including IPSec, SSL, and even our own unique RED Layer 2 tunnel with routing. 

Application Routing
XG Firewall also includes application-based routing and path selection in every firewall rule, as well as policy-based routing (PBR), making it easy to direct important application traffic out the optimal WAN interface.

Benefits of Sophos SD-WAN
Easy to use: Today it has many SD-WAN features, and all are easy to understand and configure as well. I personally like its WAN load balancing feature. It automatically adjusts bandwidth usage and priority based on link usage, among many other options. VPN failover is also very easy, with a two-click option to configure failover.

Branch Office Connectivity: Sophos branch office connectivity is also very easy to implement, and I personally like the RED solution. It is a minimum-touch implementation.

Application Routing: If you understand the basics of application routing, then it is very easy to implement.

Fig 1.4


Limitations of Sophos SD-WAN
As Sophos is new to the SD-WAN market, it will take some time, and it will improve in the next update (18 or 18.5).

An Article By Deepak Kumar