Brief description of my setup:
WAN1 is a hardline connection.
WAN2 is a cellular 5G connection, using a standalone antenna and modem.
SD-WAN 1 is configured for general internet traffic, where WAN1 is the default and WAN2 is failover, using TCP connection to 8.8.8.8 and 9.9.9.9 on port 53 for connection health checks.
SD-WAN 2 is configured for VoIP traffic, and configured as load balancing, selecting the best connection at any given time, using TCP packets to 8.8.8.8 on port 53, and 54.172.60.0 (twilio server) on port 5060 (SIP) for health checks eligibility.
The problem I'm having is that I am very frequently, 10-20 times a day, getting notifications that my Cellular WAN is down, then moments later, back up. However, the cellular WAN never actually goes *down.*
The alert email looks like "*ALERT* Sophos Firewall "X111039#######" - Gateway 'T-mobile WAN' is Down." I have worked with the antenna maker (cradlepoint) to try to diagnose any issues there, but we were unable to find any issues. There is no noted downtime on any of the antenna's hardware logs. He did note that sometimes cell providers will block ICMP traffic, which is why i switched my SD-WAN health checks to TCP, but the issue still persists.
Lastly, I am wondering if it is possible to change the Gateway's health check protocol (i believe the default is an ICMP ping)? If the gateway is part of a SD-WAN profile, are there still Gateway health checks being performed?
Edited TAGs
[edited by: emmosophos at 3:13 AM (GMT -7) on 31 Jul 2024]
