Sophos Firewall

Discussions Failover WAN not failing over

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 26 replies
Subscribers 28 subscribers
Views 9470 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failover WAN not failing over

M8ey over 6 years ago

Hey guys,

So I have 2 WAN links - one is Active and one is Backup - set to failover if the Primary fails by TCP not hitting 4.2.2.2 on Port 80 after 5 sec.

My Primary WAN port is Port 3 and shows Disconnected

My Back up Port is Port 8 and shows Connected

No matter what I try I cannot get the XG to failover to the backup connection.

Even swapping Active and Backup will not make them work.

In the FW rules I have Primary and Secondary connection but they should fail over.

What am I missing?

This thread was automatically locked due to age.

Parents

0 Krunal Patel over 6 years ago

Hi M8ey,

You will need to make sure both gateway status are Green under Network>WAN link manager
If any of these are not Green that means, it's not connected to ISP/4G

Edit the Active gateway and make sure failover rules are set as below
Cancel
Vote Up 0 Vote Down

Cancel
0 M8ey over 6 years ago in reply to Krunal Patel

Hey Krunal,

Yes this was configured correctly and the XG does fail over to the backup WAN.

Just wont pass traffic from the LAN (Read previous posts) - the Sophos Engineers are a little stumped as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 Krunal Patel over 6 years ago in reply to M8ey

Do you have Web policy applied to the existing firewall rule?

Use Log viewer> Policy test to see which firewall rule is blocking outgoing traffic.

I would suggest to create a new firewall rule on TOP of the list, allow all LAN TO WAN Traffic from your static testing device, no user authentication, no web, no scanning and apply NAT. Select 1 ISP at a time.
Cancel
Vote Up 0 Vote Down

Cancel
0 M8ey over 6 years ago in reply to Krunal Patel

Yes we have tried all that Krunal.

Its not a FW rule blocking - its FW = 0 VIOLATION - Sophos Level 2 cannot work out why either :-)

Basically no matter what rules are in place - as soon as it fails LAN gets blocked.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 M8ey over 6 years ago in reply to Krunal Patel

Yes we have tried all that Krunal.

Its not a FW rule blocking - its FW = 0 VIOLATION - Sophos Level 2 cannot work out why either :-)

Basically no matter what rules are in place - as soon as it fails LAN gets blocked.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Krunal Patel over 6 years ago in reply to M8ey

Please check ,https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/101070/rule-0
Cancel
Vote Up 0 Vote Down

Cancel
0 M8ey over 6 years ago in reply to Krunal Patel

Krunal Patel said:

Please check ,https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/101070/rule-0

Not related at all sorry. That was a FW=0 not matching any rule and in this case a VPN and IPSEC.

I have a rule that matches and a failover configured and no matter what it will not send traffic. We created a rule just for this and it will not pass.

Believe me the Sophos Engineers are quite stumped as to why this is happening. We have taken 3 lots of Log Files and so far spend 12 hours diagnosing it over remote session during failover.
Cancel
Vote Up 0 Vote Down

Cancel