Sophos XG HA PPPoE slow reconnect

Hello!

I have 2 PPPoE WAN connections to each other Sophos appliances.

If I switch to the passive device manually, or if one of the monitored interfaces goes down, the PPPoE reconnect time is so long. Maybe this is caused by the ISP modems?

I am interested in any ideas.

Thank you!



Edited TAGs
[edited by: emmosophos at 11:39 PM (GMT -7) on 21 Mar 2022]
  • Hi, technically it is not possible to have a PPPoE connection from both PRIM and AUX on the same link at the same time, and considering that fact, PPPoE configuration on XG with an HA setup is only supported in Active-Passive mode.

    Now, during HA failover, PPPoE will disconnect, as PPPoE is not running on the AUX machine, and the AUX node, which has taken the role of primary, will start the PPPoE connection again with the ISP modems. During this disconnection, syslog.log will give more clues as to why the delay happens in reconnecting PPPoE, by analyzing the PPPoE handshake status.

    Note: In the past, with such issues, it was observed that the new primary node (after HA failover) was not receiving a response to its PADI packets because of MAC binding at the ISP end / ISP modem.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
