This discussion has been locked.

Sophos XG with 2 external legs - shifting the GW for a client: reboot of XG required

Hi,

 

We have a Sophos XG with 2 external legs (DSL and Cable). SFOS is 17.5 - actual.

I am changing the GW for a FW rule to route IP phones through DSL (default is cable). I can see that all traffic is routed to DSL after this. So I reboot the IP phone. No connection to the external IP cloud any more.

This is changing after rebooting the XG. Connection is coming up.

Strange behavior. I could not reboot the firewall every time after changing one FW rule.

Bug?



  • Hi,

    Sounds a little strange, maybe a hardware fault? What sort of XG is it?

    An alternative to restarting the XG is to open the network interface and save it without making changes while this issue is investigated. It also might be caused by the change of gateway and the XG not dropping the traffic connections through the original gateway until they time out. I am not sure how to overcome this unless you are using clientless users; then you do the change of status without rebooting the XG.

    Ian

  • Sophos is XG85w

    I'll try next time. Thanks for this hint.

  • Hi,

    I tried without success. Updated the LAN interface (on which the telephones are connected).

    Rebooting the firewall is necessary!

  • Hi,

    Very simply, unless you are using user management, changing gateways will not work without a reboot. The session does not drop unless the link fails or the user is disabled and then re-enabled. If you do this through the drop connections setting, the only way to connect the user again is with an XG restart.

    The XG maintains the connections through the old rule, so you would have to disable the rule to cause the connections to drop and re-establish when the new rule is activated.

    How long the timeout is I don't know, so a forum mod will hopefully chime in with details.
    Ian

  • OK. Thanks for the reply.

    I am astonished because the logfile shows that traffic is going via the new GW the moment I press "apply" for that rule (shifting from GW 1 to GW 2)!

    So logfile and reality are not the same?!
