Sophos Tools - Ping fails the first packet when I set the source interface for the backup link.

Question

Translator

Hi Guys! 
 The firewall loses the first packet when I use the backup link to test ping to 8.8.8.8 or 1.1.1.1. We analyzed the logs and found that the first packet loss is associated with an ARP request for the destination IPs. Is this a natural behavior of Sophos or is it a BUG? 
 Note. When we switch the link to operate as active, it does not send ARP requests to the destinations and does not lose the first ICMP packet. 
 Logs:

Vishal_R · Answer

Hi Lukas Venuti As far as I know, manually setting up the Gateway with the backup type, will remove the default route from the XG routing table for that Interface Gateway.

When you are generating the PING with binding an Interface, there are no matching routes for that IP on that interface, and due to that, it will blindly trigger an ARP request for any IP that is not it's own.

When the Link is active, the default route is there on that same Interface via the next hope with gateway IP, and due to that reason PING requests to any outside IP, the XG routing table knows how to reach that IP via which next hope.

Erick Jan · Answer

Hi, 
 Thank you for reaching out to Sophos Community. 
 Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue? 
 This is normal, as the first ping usually does its ARP function. 
 You may check the following link for reference: 
 www.pathsolutions.com/.../PathSolutions-Why-Does-the-First-Ping-Usually-Fail.pdf

Sophos Tools - Ping fails the first packet when I set the source interface for the backup link.

Top Replies