Inactivated VPN Tunnels shown as "Down" in Dashboard - WHY?

We have about 9 Tunnels from our site to different other locations.

From time to time some tunnels are intentionally(!) deactivated for maintenance or other reasons.

WHY does this color the Control Center icon yellow, indicating there is an error?

ALL intended(!) tunnels are up, so the indicator icon should be GREEN.

Any ideas regarding a good reason for this behaviour ?

Edited TAGs
[edited by: emmosophos at 5:35 PM (GMT -7) on 22 Jul 2021]
  • Actually this was the case back in the day but was changed to reflect the current behavior. Plenty of administrator complained about the fact, that the tunnel was "deactivated" and the webadmin showed "everything is fine". So Sophos changed this to "If a tunnel is created, but not used, this is a fault status". 

    I guess this is some sort of a preferential thing. 


  • Odd. I'd think that if an administrator disabled a tunnel, everything should be fine according to the VPN status o.0

  • Depends on the scenario. Do not forget, some people disable a tunnel and forget, they actually did this. Or sometimes there are multiple people working on one firewall. And most customers actually have a 100% up time policy with there tunnels. They do not disable a tunnel.


  • Totally agree: Extremely Odd.

    Administrators make the rules. If an Administrator intentionally disables a tunnel, the „disabled“ is the OK state. A Firewall is a product for people who know what they do.

  • I agree with that. If somebody forgot to turn on a tunnel (big oopsie) then I'm sure someone would notice fairly quickly due to connectivity issues. It just snuffs out the validity of that tunnel monitor if it's not only monitoring active tunnel status. Maybe have a little number in the corner for disabled tunnels. The issue with multiple people working on a firewall can also happen with people logging into the webadmin and seeing a red VPN status.