We are trying to find out why the connection between the perimeter FW and the internal FW in LACP (802.3ad) is presenting traffic only through one of the interfaces.
I share the network diagram with you. The teams are XG330 and XG430; these are connected to each other. The traffic is supposed to be balanced between the two but I only see the same one traveling through one of the interfaces.
On the side of the XG430 it is configured in the LAN ZONE (PORT7 + PORT8) and the XG330 is configured in the WAN ZONE (PORT7 + PORT8). See the screenshots.
lferrara can you check this out please.
Bandwidth-monitor from CLI of both firewalls.
We would like to know why the traffic is not being balanced with the configuration in LACP (802.3ad) between the interfaces. In the GUI I can see an upgrade of the interface from 1000MBps to 2000MBps.
But at this point we are having low bandwidth from our ISP. But when we connect directly to the router we get all the bandwidth we contract with the service provider.
When we disconnect the PORT7 the traffic begins to flow through the PORT8 but if we reconnect the PORT7 the traffic returns to flow only through the PORT7.
Configuration of the interfaces in both FIREWALLS.
Then use Layer3+4 on both firewalls.
Those xmit hash policies decide when to use which interface. And Layer2 is only MAC based. Therefore it only used one interface.
If you move to Layer3+4 it will use…
Which mode do you use on the switch? Expand the LACP option in the firewall, check the hash method and check which one the switch uses.
Hi, LuCar Toni
The advanced configuration on both firewalls is this.
The LAG configuration does not have a switch between the XGs. The connection is made directly between both firewalls (FRONTEND / BACKEND).
The connection between the BACKEND and the switch is a simple LAN connection.
FRONTEND is LAN (ZONE BACKEND)
BACKEND is WAN (ZONE WAN)
If you move to Layer3+4 it will use IP/Port and load balance.
After I made the change you suggested, the traffic is balanced across both ports. I will be monitoring the traffic and let you know if everything is OK.
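
Added example, not part of the thread: a simplified Python model of why a Layer2 xmit hash policy pins a directly connected firewall pair to one LAG member while Layer3+4 spreads flows. The formulas follow the ones documented for the Linux bonding driver; that SFOS uses exactly these formulas is an assumption, and the MAC addresses, IPs and ports are constructed sample values.

```python
import ipaddress

PORTS = ["Port7", "Port8"]  # LAG members named in the thread


def layer2_hash(src_mac: str, dst_mac: str, ethertype: int = 0x0800) -> int:
    """Layer2 policy: XOR of the last MAC octets and the packet type ID."""
    s = int(src_mac.split(":")[5], 16)
    d = int(dst_mac.split(":")[5], 16)
    return s ^ d ^ ethertype


def layer34_hash(src_ip: str, dst_ip: str, sport: int, dport: int) -> int:
    """Layer3+4 policy: ports XORed with both IP addresses, then folded."""
    h = (sport << 16) | dport
    h ^= int(ipaddress.IPv4Address(src_ip)) ^ int(ipaddress.IPv4Address(dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h


def distribute(flows, policy, src_mac, dst_mac):
    """Count how many flows each LAG member transmits under a policy."""
    counts = {p: 0 for p in PORTS}
    for src_ip, dst_ip, sport, dport in flows:
        if policy == "layer2":
            # Two firewalls cabled back to back: every frame on the LAG has
            # the same MAC pair, so the hash never changes.
            h = layer2_hash(src_mac, dst_mac)
        else:
            h = layer34_hash(src_ip, dst_ip, sport, dport)
        counts[PORTS[h % len(PORTS)]] += 1
    return counts


# Constructed sample: one MAC pair (the two bond interfaces) and 64 client flows.
FRONTEND_MAC = "02:00:00:00:00:01"
BACKEND_MAC = "02:00:00:00:00:03"
FLOWS = [("192.0.2.10", f"198.51.100.{20 + i % 5}", 40000 + i, 443)
         for i in range(64)]

if __name__ == "__main__":
    for policy in ("layer2", "layer3+4"):
        print(policy, distribute(FLOWS, policy, FRONTEND_MAC, BACKEND_MAC))
```

Even with Layer3+4, a single flow always hashes to the same member, so one connection cannot exceed the speed of one link; only the aggregate across many flows is balanced.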