UniFi Magic SD-WAN troubles

I just set up a UDM Pro Max and three UCG Ultras at satellite sites and use Magic SD-WAN to connect everything. This was a bit of a spontaneous decision. I had pfSense on the main site and, after seeing Tom's latest video about this, I decided to try this setup.

So far I have everything working… ish.

  1. On the main site, when viewing traffic from the satellite sites, the only IP I see is the gateway IP of the bridge network; I cannot see the device's local IP.
    This has resulted in NPS (RADIUS) not working when laptops authenticate over the SD-WAN, and the only way to fix it was to add the bridge IP as a RADIUS client so the NPS service will authenticate the clients. Not a big deal, but a hassle.

  2. The other problem is that my print management server is not able to connect to the printers on the satellite sites; I still have not found a way to fix that.

  3. The same thing leads to 3CX not being able to upgrade phone firmware over the SD-WAN, as it cannot contact the phone IP directly because it cannot see it.

I am using the zone-based firewall setup, and traffic between sites is not being blocked in any way I can see.

If anyone knows a way to change this so the local IP shows instead of the gateway IP, I would appreciate the help :slight_smile:

I found the problem, so I am going to put it here rather than delete this post.

My problem was that in the SD-WAN settings I had “Enable subnet overlap with SNAT” checked. This is only used to keep the local networks on two sites from clashing if they are the same. In my case they are not, so I did not need it.

After disabling this, clearing out the routes added for the hub, setting the local networks I wanted to allow access to under Networks, and adding the local networks on every spoke in the spoke part of the SD-WAN settings, everything started working great. All IPs are showing and access is good.

3 Likes
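A quick hub-side check for the symptom described above, added here as an example and not code from the original post or from Ubiquiti: it reads flow records seen at the hub and reports whether spoke clients arrive under their real LAN addresses or collapse to the single bridge gateway address, which is what the subnet-overlap SNAT setting produces. The bridge gateway address, the spoke subnets, the `key=value` record format and the sample records are all constructed assumptions for the example; the only UniFi-independent facts used are the standard RADIUS ports (1812/1813). It also lists which RADIUS sources an NPS RADIUS-client list does not yet cover once the real addresses become visible.

```python
"""Check whether hub-side flow records show real spoke client IPs or only the
SD-WAN bridge gateway.  Added example; topology values and the record format
are assumptions, not UniFi's own log format."""
import ipaddress
from collections import defaultdict

# Assumed topology (not from the post): hub-side bridge gateway and two spoke LANs.
BRIDGE_GW = ipaddress.ip_address("10.255.255.1")
SPOKE_LANS = {
    "spoke-1": ipaddress.ip_network("192.168.10.0/24"),
    "spoke-2": ipaddress.ip_network("192.168.20.0/24"),
}
RADIUS_PORTS = {1812: "RADIUS auth", 1813: "RADIUS acct"}


def parse_flow(line):
    """Parse one 'key=value key=value' record into a dict (constructed format)."""
    return dict(field.split("=", 1) for field in line.split())


def site_of(addr):
    """Name of the spoke LAN containing addr, or None if it is not a spoke address."""
    for name, net in SPOKE_LANS.items():
        if addr in net:
            return name
    return None


def snat_report(lines):
    """Summarise which spoke clients the hub actually sees in these records.

    visible:         {site: sorted real client IPs seen from that site}
    radius_sources:  sorted real client IPs that sent RADIUS traffic
    hidden:          flows whose source is the bridge gateway (client IP lost)
    hidden_services: {service: count} for the SNATed flows
    snat_suspected:  True when spoke traffic only ever arrives as the bridge gateway
    """
    visible = defaultdict(set)
    radius_sources = set()
    hidden = 0
    hidden_services = defaultdict(int)
    for line in lines:
        f = parse_flow(line)
        src = ipaddress.ip_address(f["src"])
        dport = int(f.get("dport", 0))
        site = site_of(src)
        if site is not None:
            visible[site].add(src)
            if dport in RADIUS_PORTS:
                radius_sources.add(src)
        elif src == BRIDGE_GW:
            hidden += 1
            hidden_services[RADIUS_PORTS.get(dport, "other")] += 1
        # Any other source is hub-local traffic and not relevant to the check.
    return {
        "visible": {s: [str(a) for a in sorted(ips)] for s, ips in visible.items()},
        "radius_sources": [str(a) for a in sorted(radius_sources)],
        "hidden": hidden,
        "hidden_services": dict(hidden_services),
        "snat_suspected": hidden > 0 and not visible,
    }


def uncovered_radius_sources(report, radius_clients):
    """Real RADIUS sources not matched by any NPS RADIUS-client address or CIDR range."""
    nets = [ipaddress.ip_network(c, strict=False) for c in radius_clients]
    return [
        s for s in report["radius_sources"]
        if not any(ipaddress.ip_address(s) in n for n in nets)
    ]


# Constructed records: with subnet-overlap SNAT enabled every spoke flow carries
# the bridge gateway as its source ...
SNAT_ON = [
    "src=10.255.255.1 dst=10.0.0.5 proto=udp dport=1812",
    "src=10.255.255.1 dst=10.0.0.5 proto=udp dport=1812",
    "src=10.255.255.1 dst=10.0.0.9 proto=tcp dport=445",
]
# ... and with it disabled the real spoke addresses appear.
SNAT_OFF = [
    "src=192.168.10.23 dst=10.0.0.5 proto=udp dport=1812",
    "src=192.168.20.7 dst=10.0.0.5 proto=udp dport=1812",
    "src=192.168.20.40 dst=10.0.0.9 proto=tcp dport=445",
]

if __name__ == "__main__":
    for label, lines in (("SNAT on", SNAT_ON), ("SNAT off", SNAT_OFF)):
        print(label, snat_report(lines))
    print("not yet RADIUS clients:",
          uncovered_radius_sources(snat_report(SNAT_OFF), ["192.168.10.0/24"]))
```

`snat_suspected` is deliberately conservative: it only fires when no spoke address is seen at all, so a hub that legitimately talks to the bridge gateway for some flows is not flagged. Once SNAT is off, `uncovered_radius_sources` tells you which spoke addresses still need a RADIUS-client entry in NPS (NPS accepts CIDR ranges, so one entry per spoke LAN is enough), which is the clean replacement for the bridge-IP workaround in the original post.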

Always nice when people take the time to come back and write up what was wrong; it might save “the next guy” some trouble.

4 Likes