Sophos Connect 2.2 scx file gateway_order not working

I have a Sophos that has a publicly accessible IP address which I will call 47.x.x.x, and this same IP is also publicly reachable via DNS name which I will call myhost.com.

I have IPsec set up and working on my Sophos v20 firewall.

I have Sophos Client 2.2 set up on a remote laptop.

I have three .scx files, one that uses gateway 47.x.x.x, and one that uses gateway myhost.com, and one that has both, with this config:

"gateway_order": "in_order",
"gateway": "myhost.com",
"gateway": "47.x.x.x"

Based on thorough testing of the two single-gateway profiles, it is certain that both gateways work. And yet, even though I have the domain name listed first, it always skips that one and connects to the IP-address gateway, 47.x.x.x. 

My guess is that perhaps the domain name gateway takes a few seconds to connect, and Sophos Client then gives up and tries the next one. If this is the case, is there any way to increase the timeout so this doesn't happen? I do not want the IP gateway to be used unless the domain-name gateway is not working.

If it is not a timeout issue, then perhaps it is some kind of bug, and the "in_order" parameter is not working?

Feature request:
When Sophos Client is attempting each gateway, maybe the status pop-up in the app can say something like:


"Attempting to connect to myhost.com..."


"Connecting to myhost.com failed due to <whatever reason>"


"Attempting to connect to 47.x.x.x..."


etc.


This way the user can see which gateways were tried, and in what order, and how long each attempt took, and the cause of any failures.




Added TAGs
[edited by: emmosophos at 5:56 PM (GMT -7) on 2 May 2024]