This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Faster IPSEC shut down

I'm attempting to find a way for us to detect and shut down IPSEC tunneled interfaces fast for fast route recovery. I've configured 2 18.5.3 mr3 firewalls in eve-ng and built 4 tunnels between (2 WANs on each).

The IPSEC tunnels are RSA tunnel interface style, with IKEv2 modified for DPD with 10 second hellos and 25 second hold timer. I have the IKEv2 stated to disconnect on loss, which I would assume would happen in the 25-35 second timeframe - however, the tunnels take 160-180 seconds to drop after dropping the internet path from one of the 4 WAN interfaces.

Is this common - or am I hitting a bug in 18.5.3 mr3?

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 1 year ago +1

IPsec needs some time. But you can use SD-WAN Rules to do this in real time if you want.

Parents

0 LuCar Toni over 1 year ago

IPsec needs some time. But you can use SD-WAN Rules to do this in real time if you want.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 Matthew LaComb over 1 year ago in reply to LuCar Toni

I'm about 2 months new to the Sophos platform. Any quick guidance as to where to start? (I know I can google, but maybe something that's more targeted to what I'm trying to accomplish - fast route failover)?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Matthew LaComb over 1 year ago in reply to LuCar Toni

I'm about 2 months new to the Sophos platform. Any quick guidance as to where to start? (I know I can google, but maybe something that's more targeted to what I'm trying to accomplish - fast route failover)?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data