Recently I installed a second WAN uplink using an LTE router. The router is powered with POE and is configured in bridge mode. Basically internet access works including multipath rules and uplink monitoring.
The IPs I get on the LTE link are dynamic and change every time the connection is lost and reestablished. I configured the Interface at the UTM accordingly. My problem is that the UTM does not recognize if the external IP changes. I have to manually renew the IP (click the button).
In the logs I can see that the UTM gets an IP lease at first connection. If the connection drops the uplink monitoring recognizes that the connection is not working anymore. After the connection is reestablished (with a new IP address) the old lease still seems to be used but of course no communication is possible this way.
Is this a bug or is there a way to configure the UTM to get the new IP address on reconnection?
When the interface uses a dynamic address allocation scheme (such as DHCP or remote assignment), these definitions are automatically updated. All settings referring to these definitions, for example, firewall and NAT rules, will also automatically be updated with the changed addresses. What is the firmware version of the UTM? Any specific custom settings for Uplink or interface definitions? Is Auto Negotiation enabled for the interface? Check in Interfaces & Routing > Interfaces > Hardware.
In reply to sachingurung:
Thanks for your answer, but I think you missed the point in my first post. So please let me try to explain it a little further.
I know how the dynamic address allocation should work. And it works the first time the LTE router is connected or I manually trigger a renewal of the IP address. But if the connection is lost afterwards there seems to be no trigger for the UTM to renew the dynamic IP address. The behavior is the following:
First time connection (link goes up - WAN Interface does not have an address yet), LTE router is connected to the mobile network
Now the LTE router loses the connection to the mobile network
Now the LTE router reconnects to the mobile network. If it gets the same IP address from the provider everything is fine. But let's assume it gets a different IP address
My question is, how is this supposed to work? Nothing seems to trigger the interface to get a new IP address automatically. I can manually push the "renew" button or set the link down and up again but this is not a solution.
Has anybody a working setup here or an idea how this should work?
In reply to TPok:
I don't know if I get you right, but what if you specify a manual monitoring target, like 22.214.171.124?
Thanks for the detailed explanation. As I mentioned in my previous response, the interface will automatically update itself with a new IP address. Verify one setting in Interfaces > Uplink Balancing > Monitoring Hosts > click on the wrenches option; what is the interval and timeout value set for the UTM to do the connectivity check here?
Interval: Enter a time interval in seconds at which the hosts are checked.
Timeout: Enter a maximum time span in seconds for the monitoring hosts to send a response. If all monitoring hosts of an interface do not respond during this time, the interface will be regarded as dead.
TPok, you didn't say which version you're using. If using custom Monitoring Hosts doesn't fix this, I would guess that the issue is the LTE connection (modem, ISP, etc.).
Assuming that REF_IntPppsXXXXXX is the REF_ of the Interface, you can do a renew from the command line with:
cc interface_dhcp_renew_lease REF_IntPppsXXXXXX
Cheers - Bob
In reply to BAlfson:
The UTM version is 9.509-3. Uplink Monitoring is set up with custom hosts and timeout values as suggested.
As stated above the problem is not about Uplink Monitoring. This works fine and detects if the connection is up or down. The problem is about the change of the IP address on one uplink interface that the UTM does not detect and tries to communicate with the old address.
Triggering the UTM to renew the IP address manually works. No matter if doing this through WebAdmin or the command line. The problem seems to be a missing trigger that tells the UTM to renew the IP address automatically after it changed.
As I don't know how to explain it in more detail than I did before, I will open a support case. I think I have to show this to someone during a remote presentation. It seems to be too complex to explain it just with words.
I think your explanation is very clear, TPok, but my guess is that the issue is an incompatibility with the LTE router. Please let us know what Support has to say.