PASSED | vendor / sonicwall_sdwan_policy_routing_failure

SonicWall SD-WAN Policy Routing Failure

The SonicWall TZ670 SD-WAN policy engine fails to detect WAN link degradation, continuing to route critical VoIP traffic over a congested ISP link instead of failing over to the backup MPLS circuit.

Pattern: SDWAN_EVENT
Severity: CRITICAL
Confidence: 85%
Remediation: Remote Hands

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | SDWAN_EVENT | SDWAN_EVENT |
Severity Assessment | CRITICAL | CRITICAL |
Incident Correlation | Yes | 20 linked |
Cascade Escalation | N/A | No |
Remediation | Remote Hands — Corax contacts on-site support via call, email, or API

Scenario Conditions

SonicWall TZ670 with SD-WAN license. Two WAN links: primary ISP (degraded, 15% packet loss) and backup MPLS. SD-WAN probe misconfigured to wrong IP. VoIP traffic still on degraded link.

Injected Error Messages (2)

sonicwall sd-wan policy routing failure on TZ670 — sd-wan performance probe targeting wrong IP (10.0.0.1 instead of ISP gateway), sonicwall sd-wan reporting primary WAN as healthy despite 15% packet loss on actual traffic path, policy-based routing not triggering failover to backup circuit, sd-wan SLA threshold breached but not detected
sonicwall TZ670 sd-wan misconfiguration causing call quality issues — voice traffic routed over lossy ISP link (15% packet loss, 180ms latency) despite available backup circuit, sonicwall sd-wan application-aware routing not failing over, MOS scores dropped to 1.8, sd-wan probe returning false healthy status for primary WAN

Neural Engine Root Cause Analysis

The SonicWall TZ670 SD-WAN policy routing is misconfigured, causing performance probes to target the wrong IP address (10.0.0.1 instead of the ISP gateway). This misrouting prevents accurate health monitoring of the primary WAN circuit, causing the SD-WAN controller to report the primary WAN as healthy despite 15% packet loss on the actual traffic path. Consequently, policy-based routing failover mechanisms are not triggering to switch to the backup circuit, resulting in degraded connectivity and SLA threshold breaches going undetected.

Remediation Plan

1. Access SonicWall TZ670 management interface via SSH or web GUI.
2. Navigate to Network > SD-WAN settings and verify probe target configurations.
3. Correct the performance probe target IP from 10.0.0.1 to the actual ISP gateway IP address.
4. Review and adjust SD-WAN SLA thresholds and failover policies to ensure proper detection of degraded circuits.
5. Verify policy-based routing rules are correctly configured for automatic failover.
6. Test failover functionality by simulating degraded conditions on primary WAN.
7. Monitor SD-WAN dashboard to confirm proper health reporting and failover behavior.

Tested: 2026-03-30 | Monitors: 2 | Incidents: 2 | Test ID: cmnck55bc06soobqey52vehox