problems after upgrade to 12.4
Hi community,
I upgraded an M300 (with 2 external interfaces) to new 12.4B592447 and realized some connection issues. After some research it seems that the SD-WAN-based policies block these connections.
...for example, we have had the following rules since 12.3:
HTTP_from_dmz2extern -> sd-wan based routing: only external2 (=normal DSL)
SMTP_from_extern2dmz -> sd-wan based routing: only external1 (=leased line)
SSH_from_extern2IP (static) -> sd-wan based routing: only external1
With these rules we want to prefer dedicated lines because of performance reasons or because some IPs are only reachable with the leased line. But this constellation doesn't work anymore, it "drops" the traffic (traffic monitor still shows passing traffic in green).
When I deactivate the SD-WAN based routing it works!?
Any explanations or ideas are welcome...
Comments
You should open a support incident on this.
There is also another post of an issue with 12.4 U2 & SD-WAN on the old Forum.
With the introduction of SD-WAN it is necessary to define rules that have Policy Based Routing and SNAT to be unique. It is no longer possible to have a single rule that controls the traffic with 2 different actions. There is a knowledge base article that has an explanation for the change: Article ID: 000011870.
Disappointing that none of the info in Article ID: 000011870 is in any of the V12.4.x Release Notes.
A link in "Before you Begin" has a link to the article "Release-specific upgrade notes", in the v12.4 release notes.
Well, I missed the "Release-specific upgrade notes" when I read each of the 3 V12.4.x Release Notes.
Maybe next time it could be in bold or some other way to make it more obvious.