Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uplink / WAN monitoring

Hi,

As a home user who has recently migrated from the UTM to XG firewalls I've a question about uplink monitoring. Where I live the ADSL broadband is slow and, at times, flaky so I also have a 4G connection. These are both via separate ethernet connected routers connected to dedicated NIC's on the XG PC (software appliance) and configured as active / active links.

On the UTM system it would constantly monitor these uplinks / WAN and alert if either went down. On the XG firewall in "WAN Link Manager" tab it currently shows both links as being up, presumably as the both routers are up, but I know that the ADSL line has dropped. Is this possible to monitor the full links (i.e. I guess via PING to Sophos, or similar) or could it be incorporated in a future version?

Thanks,

Colin



This thread was automatically locked due to age.
Parents
  • FormerMember
    +1 FormerMember

    Hi Colin B,

    Upon adding a gateway, Sophos Firewall adds a default failover rule indicating that if it is not able to ping the recently added gateway IP address, then this gateway is considered down.

    If you have failover condition to ping gateway, even if there is no internet access, gateway will respond to ping from the firewall. 

    I would suggest to change the failover condition to ping external IP such as 8.8.8.8 or 1.1.1.1. If this issue is with the ISP and not with the gateway ping to those external IP would fail and firewall will change the status of the link accordingly. 

    Try to configure the failover condition as per this screenshot: 

    Note: Sophos Firewall notifies administrators via email about all changes in gateway status. This can also be viewed in Log Viewer.

    Thanks,

Reply
  • FormerMember
    +1 FormerMember

    Hi Colin B,

    Upon adding a gateway, Sophos Firewall adds a default failover rule indicating that if it is not able to ping the recently added gateway IP address, then this gateway is considered down.

    If you have failover condition to ping gateway, even if there is no internet access, gateway will respond to ping from the firewall. 

    I would suggest to change the failover condition to ping external IP such as 8.8.8.8 or 1.1.1.1. If this issue is with the ISP and not with the gateway ping to those external IP would fail and firewall will change the status of the link accordingly. 

    Try to configure the failover condition as per this screenshot: 

    Note: Sophos Firewall notifies administrators via email about all changes in gateway status. This can also be viewed in Log Viewer.

    Thanks,

Children