
WAN Port Frequently gets Down and automatically up after 2 minutes


We have been using the Sophos XG 450 firewall for the last 2 years. Now we have received an alert message by e-mail that the Sophos XG 450 firewall WAN port is down. After that we received another message that the WAN port is up. We have been facing this problem for the last 2 days, and 2 to 3 times a day the port goes down and up frequently. We have configured the WAN port only, not failover, so please suggest how to resolve this issue.

Below is the screenshot for reference:

Syed Naeem ahmed 

naeembs82@gmail.com 



This thread was automatically locked due to age.
  • I think you may be confusing two things here. Do you lose internet connectivity when you get the alerts (your post doesn't make this clear), or is it just that you keep getting the alerts?

    If you are losing internet connectivity, ignore this post and follow the advice you have been given so far! If it is just the alerts that are a problem, you need to look at your "WAN Link Manager" settings. It doesn't matter if you aren't using failover; there can still be failover rules that test if the gateway is available, and it is these rules that generate the alerts.

    It is typical for the failover rule to be a ping to the next IP hop. In the example above the next hop is a private IP because the XG is behind another internal router. More typically, the IP will be the gateway address of your internet provider. The problem with this is that if for any reason the next hop doesn't respond to the ping, you will get an alert. It may not respond to a ping because it is down but sometimes gateways don't respond for other reasons. In this case, you may not lose internet connectivity but you will get an alert. This might be what is happening to you.

    If you are using a single ping like above, it should always be set to the next hop (gateway address of the internet provider). Don't set it to something like 8.8.8.8 (Google DNS) because the ping could fail on any of the hops to that IP but it doesn't mean your gateway is down.

    There is another way to avoid false positives by using more than one ping test. We do have two internet connections and use failover but you can do the same even if you only have one WAN connection.

    If you look at our Failover rules, you can see we test on two pings and BOTH have to stop responding before you get an alert (and in our case, the failover takes place). This prevents us getting false alerts (and failover) if one of the sites we are pinging stops responding for any reason.
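
The failover-rule logic described in the reply above, as an added example that is not part of the original thread and is not Sophos code: it replays constructed ping results through a single-ping rule and through a two-ping rule where both targets must fail. The target addresses, the timeline and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed targets (documentation address ranges), not taken from the thread.
NEXT_HOP = "192.0.2.1"      # assumed ISP gateway, the next hop after the firewall
REMOTE = "198.51.100.10"    # assumed second, independent ping target

@dataclass(frozen=True)
class FailoverRule:
    targets: tuple
    all_must_fail: bool = True   # True: AND condition, False: any single failure

def gateway_down(rule, replies):
    """replies maps target -> True if that ping round got an answer."""
    failed = [not replies[t] for t in rule.targets]
    return all(failed) if rule.all_must_fail else any(failed)

def alert_events(rule, timeline):
    """Replay probe rounds and return the (round, state) alerts that would be sent."""
    events, down = [], False
    for round_no, replies in enumerate(timeline):
        now_down = gateway_down(rule, replies)
        if now_down != down:
            events.append((round_no, "DOWN" if now_down else "UP"))
            down = now_down
    return events

# Constructed timeline: one dict per probe round.
TIMELINE = [
    {NEXT_HOP: True,  REMOTE: True},
    {NEXT_HOP: False, REMOTE: True},   # gateway ignores one ping, link is fine
    {NEXT_HOP: True,  REMOTE: True},
    {NEXT_HOP: True,  REMOTE: False},  # remote host or a hop beyond the ISP drops a ping
    {NEXT_HOP: True,  REMOTE: True},
    {NEXT_HOP: False, REMOTE: False},  # real outage: nothing answers
    {NEXT_HOP: False, REMOTE: False},
    {NEXT_HOP: True,  REMOTE: True},
]

SINGLE_NEXT_HOP = FailoverRule((NEXT_HOP,))
SINGLE_REMOTE = FailoverRule((REMOTE,))
BOTH_MUST_FAIL = FailoverRule((NEXT_HOP, REMOTE), all_must_fail=True)

if __name__ == "__main__":
    for name, rule in [("single ping, next hop", SINGLE_NEXT_HOP),
                       ("single ping, remote", SINGLE_REMOTE),
                       ("two pings, both must fail", BOTH_MUST_FAIL)]:
        print(f"{name}: {alert_events(rule, TIMELINE)}")
```

Each single-ping rule raises a false DOWN/UP pair on top of the real outage, while the two-ping rule alerts only in the rounds where neither target answers.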

  • I am having this issue too at one of our sites on an XG125 running v18.05 (MR5). I changed the failover rules like you suggested above a couple of weeks ago and the device still goes down 8-10 times a day for 15-20 seconds at a time. No help from Sophos and there doesn't appear to be anything in the logs either. I wonder how widespread an issue this is?