This discussion has been locked.

Constant "Resource is unreachable" on multiple WANs (Load Balancing) with ZTNAaaS.

Hello!

I'm currently using ZTNAaaS with Sophos Firewall v20 EAP. One thing I've noticed is that whenever one of the two available WANs fails or has high latency or packet loss, I receive a constant alert through Sophos Central about "Resource is unreachable".

Is there a way to suppress those alerts? Or is there a way for the ZTNA Connector to use both WANs at the same time so the service doesn't get affected if a single WAN goes down?

This isn't an issue with the services themselves, since they're all working as expected when I receive the alerts. Interestingly enough, this didn't happen with the ZTNA VM Gateway.

Thanks!



  • Hello,

    We currently do not have a way to suppress or mute alerts. The current implementation on the firewall gateway is such that the tunnel to the S cloud from the firewall goes via a single WAN link, and the tunnel gets re-established on the second WAN link in case of a failover. Concurrent tunnels are not established on both WAN links. This is something I will add to the backlog. 

    You might not see this in the VM gateway, as the implementation differs slightly. In the firewall gateway, all the services are hosted on the cloud. So, if there is a WAN link failover, the tunnel gets re-established, and hence, the connectivity between the gateway services and resource is also disrupted. On the VM gateway, services run locally. So, if the WAN link goes down, the connectivity between the gateway and the local resource server could still be active.