Hello, we have an question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive. As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…

Hi all, I was hoping I can seek some guidance on this forum. Currently, we are using our Sophos XG Firewall to connect to our network on Azure using an IPSec VPN Tunnel. We do have two ISP running in our building one being main and other being backup…

Hello, I am looking to confirm if the below is feasible. We have a HO and BO. The BO hosts a number of production servers and so there is an SD-WAN Connection Group that connects the two firewalls and allows certain services to certain VLAN networks…

Hello, everybody! Got a quick question for the experts out there. I'm trying to set up an IPsec VPN Failover Group between two XGS firewalls, HQ and Branch, each with two WAN connections. I created 4 tunnels (two for each WAN connection) and added them…

Hello, We have two ISPs set up for our client's firewall. The main one is static, and the other backup is dynamic. My concern is that if the failover ISP is on dynamic, that could prevent us from remotely getting into the firewall to switch the failover…

Hi, I've setup 4G WAN fallback if the primary NBN connection goes down. I've confirmed the 4G WAN connection is working. However, when the primary WAN connection goes down, it's not falling over to the 4G WAN. This is the failover rule I have in…

Help me create an IPSEC failover for a headquarters and branch office with 2 gateways each. I would like to create a high availability scenario, as the links in both locations fluctuate a lot. I thought about doing it like this: The Branch initiates…

Hi Guys, One of our customers has 3 ISP links and he needs to configure one ISP for the Active and the other two as a Backup line, When active links go down, we have to use both backup links to share the traffic. Is there any workaround for that scenario…

I have two ISP's connected to my firewall, one is the dedicated WAN connection & the second is the failover WAN Connection. both have static IP's. I need an option to have the firewall update a single DDNS Address when the Dedicated WAN Connection fails…

Good day, I've been struggling with this issue here for quite some time. We have a Site-to-Site VPN setup to external company with NATed ranges. Have setup the firewall to fail-over to backup ISP should the primary ISP fail. Trying tested it multiple…

Hi Guys, One of our customers uses a 3CX system and has a separate MPLS connection for it. They bypassed the link to 3cx and accessed their 3cx server through the internet. Now they are requesting us to configure router traffic using the MPLS link…

We are adding Verizon boxes for failover port 3 static ip from ISP port2 Verizon DHCP, when I tested the failover today, the internet remained at the site, but i was not able to manage it from there portal. Has anyone else had experience with this?

Hello all! I have a Sophos XGS firewall configured with one LAN and two WAN interfaces. The two WAN links are configured in failover mode, the backup link being activated when the primary one goes down. The backup link has limited bandwidth. I need…

Hello, I have a problem with the backup link in Sophos. We received an LTE link that works and has the correct address set. The "Type" options were set to "Backup" and the "Activate on failure of" rule was set to the main link. The problem is that when…

Hi, community. I have an issue with my failover VPN to Azure. I have an XG210 v19, connected to 2 ISPs. I have a VPN connection to Azure cloud for SAP services. As recommended for Sophos, I created the VPN as tunnel interface, with xfrm interfaces.…

Hi, I need a little help. I have client that has three WAN connection. One set to Active and two Backups. How can I choose which backup connection will take over first, if the Active one, fails? I have this option: but it let me choose only between…

I often receive the following error when trying to update a failover rule for one of my gateways: "Gateway failover rule could not be updated" I can't find any consistency in how to re-create this. I'm not sure if the problem also existed in v18.x…

The failover rule for a WAN link only allows for failover to "any available gateway." What if I want it to fail to a specific gateway, one that is active all the time? I have 3 WAN connections--these are ALL active connections ALL the time. Fios 1000…

GREETING!!! 1. I have site-1 and site-2 with there own sophos xg firewall connected to wan link on port-8, port-1 is on lan, and port-f1 uplink is connected on both sides. so what rule should i create to bypass the traffic from site 1 to site 2…

It sounds like I have a very specific use case that no one else has brought up in tutorials. I have two WAN links, one being the main gateway, and a LTE failover (we require this for our POS system). We consume a lot of data, and I don't want to overwhelm…

Hello, I have 2 WAN port as long both are working everthing is ok. But as soon my 2. Fritzbox is dead (Cable Fritzbox fails like once a year, but thats another story) there is no regular outgoing network anymore. In WAN Manager both are ok, in the…

Hi everyone, I've just read some threads about similar problem without luck. My XG is configured with a primary wan as active and a second line as backup. I've configured a couple of SD-WAN rules to redir always on the second wan the traffic for some…

HI All Right now we implement MPLS with VPN as backup base on KB-000035833 document. Our MPLS connect with multiple site also VPN Tunnel connect to multiple tunnel to backup MPLS. As per document we need to add system link_failover add primarylink…

Hello, good day, We have an XG 230 with the version SFOS 18.0.5 MR-5 and have created an IPsec connection in a failover group. The switch between active and passive works. If the primary internet line is then active again, the automatic failback function…

HI All I configure Sophos XG firewall secondary gateway and I enable failover when the active fails to take over however I couldn't access the sites I publish from outside my network. what I should do in order to work? Thanks