problems after upgrade to 12.4

Hi community,
I upgraded a M300 (with 2 external interfaces) to new 12.4B592447 and realized some connection issues. After some research it seems that the sd-wan-based policies block these connections.
...for example we have the following rules since 12.3:
HTTP_from_dmz2extern -> sd-wan based routing: only external2 (=normal DSL)
SMTP_from_extern2dmz -> sd-wan based routing: only external1 (=leased line)
SSH_from_extern2IP (static) -> sd-wan based routing: only external1

with this rules we want to prefer dedicated lines because of performance reasons or because some IP´s are only reachable with the leased line. But this constellation doesn´t work anymore, it "drops" the traffic (traffic monitor still shows passing traffic in green).
When I deactivate the sd-wan based routing it works!?
Any explanations or ideas are welcome...


  • You should open a support incident on this.

  • There is also another post of an issue with 12.4 U2 & SD-WAN on the old Forum.

  • mboscolomboscolo Moderator, WatchGuard Representative

    With the introduction of SDWAN it is necessary to define rule that have Policy Based Routing and SNAT to be unique. It is no longer possible to have a single rule that controls the traffic with 2 different actions. There is a knowledge base article that has an explanation for the change Article ID: 000011870

  • Disappointing that none of the info in Article ID: 000011870 is in any of the V12.4.x Release Notes.

  • mboscolomboscolo Moderator, WatchGuard Representative

    A link in "Before you Begin" has a link to the article "Release_specific upgrade notes". In the v12.4 release notes

  • Well, I missed the "Release-specific upgrade notes" when I read each of the 3 V12.4.x Release Notes.
    Maybe next time it could be in Bold or some other way to make it more obvious

Sign In to comment.