WAN Link Manager - What does Manual activation of gateway look like?

Hi DavidSain Yes your understanding is correct on this - Choose Manually to require manual activation. So one needs to log in and set it to Active from Backup with manual action.

Reference - docs.sophos.com/.../index.html

Thank you Vishal_R for you response. Since documentation does not define what the process looks like for manual activation, is the process to re-configure the settings so the backup is now active and the other is backup?  If so there is no point in configuring failover rules in the primary.

This is an issue because in a portion of our 300ish firewalls, some with redundant ISPs are mis-configured as the tech's deploying take Sophos defaults which do nothing in the event of an ISP failure.  Sophos FW defaults to the gateway IP so failover will only happen if the terminal onsite fails, not if the ISP has an outage (like someone ran their car into a pedestal or dug up their fiber).

I'm asking so I can write up a document so our L1s activate a backup connection if there's an after-hours issue. But it's as much work as having them read my SOP to setup up WAN Link Manager anyway so will just push them in that direction.

You could also use SD-WAN rules to utilize the backup connection.

Usually backup means: In case of default gateway usage, do NOT use a backup connection.

You still can call a backup ISP with SD-WAN connections. Meaning, you can use a sd-wan rule like "HTTPS to WAN use SD-WAN backup" without the manual usage.

Backup is more or less used for "charged" lines, as you do not want to reduce your data limit with youtube cat videos

You could also use SD-WAN rules to utilize the backup connection.

Usually backup means: In case of default gateway usage, do NOT use a backup connection.

You still can call a backup ISP with SD-WAN connections. Meaning, you can use a sd-wan rule like "HTTPS to WAN use SD-WAN backup" without the manual usage.

Backup is more or less used for "charged" lines, as you do not want to reduce your data limit with youtube cat videos

Oh, I like this answer. I leave both connections set to Active and the same weight and have the SD-WAN rules manage this. I can set First Available Gateway and the order of my preference to use their primary provider and if this fails, fall back to the alternate provider. Only negative I see is one can't set Session Persistence in the event traffic fails back, so might be problematic for shopping/banking apps. Session persistence only works for load balancing instead of First Available Gateway. But, maybe Load Balancing will do.  I'll play with this.  Thank you LuCar Toni .