SD-WAN


Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practices, and third-party integrations. All things SD-WAN!

BGW issue with tunnel to SASE Axis Security

  • 1.  BGW issue with tunnel to SASE Axis Security

    Posted 2 hours ago

    Hey,

    I have a lab with a 9005 gateway and some APs.
    When I do a simple setup without SASE or anything I can reach the internet and everything works.

    When I enabled the PBR of Axis, I cannot reach the internet.

    I receive a local IP address and can ping the default gateway but couldn't go outside.

    According to Central the Axis tunnels are up and running, and on the manage portal of Axis it says it's also connected.

    When I look into the sessions of the gateway I see that it uses the correct PBR and sends the traffic to the Axis portal.

    But I see also that the return traffic comes directly and not from Axis.
    Is that the issue?

    In the policy of Axis I only blocked gambling websites for testing.

    I made a rule below that allows everything from this test site.

    In the PBR I want all OneDrive traffic to go local and the rest via Axis.

    I applied to the nexthop routing and then the "test" role.

    Any ideas why it doesn't work?



  • 2.  RE: BGW issue with tunnel to SASE Axis Security

    Posted an hour ago

    quote:
    But I see also that the return traffic comes directly and not from Axis.

    Sounds like Axis is not intercepting?

    Have you created an aaa-profile with an initial role set?

    Have you applied policy (Config>Security>Apply policy) to the VLAN?

    Can it be hitting your setup policy, just above your axis-pbr policy?

    Verify with: 

    show datapath session table 

    show datapath route

    show user (is the traffic going to the tunnel)

    Other than that this looks fine.



    ------------------------------
    Ole Morten Kårbø
    ACP - Campus Access Professional
    ACEA | ACSP | APS CX10000 | APS Central | APS SD-Branch
    Netnordic Norway
    ------------------------------



  • 3.  RE: BGW issue with tunnel to SASE Axis Security

    Posted 46 minutes ago

    The user has the correct role I already verified.

    I added the route policy where you mentioned, see picture.

    But no success.

    What I see in the datapath is that it goes through the Axis tunnel.
    But 2 clients cannot do https or https, or even say that there isn't internet.

    I can ping to 8.8.8.8 and everything outside.