
XG as RED client: WAN link manager (active/backup)

I have a self-built XG at home and I'm using a RED tunnel to a Sophos UTM (server) at another site. The XG is "RED legacy client".

My XG has 2 internet connections: primary is a VDSL 100 (Germany), second is backup with LTE.
I've configured the LTE connection as backup only when all active WAN interfaces fail because I have limited data transfer volume on the LTE connection.

Sadly there is a short disconnection (about 10-60 seconds) on the main line after 24 hours (enforced by the provider, called "Zwangstrennung").

Recently I've noticed that my LTE data volume was exhausted although the main line has been available all the time.

After some research I've found out that the RED connection seems to switch to the LTE line when the main line has the "Zwangstrennung" and does not switch back when it is available again.

So how can I force the RED tunnel to the main line as long as it is available?
Otherwise my data volume is exhausted after about 10-15 days and the backup line is useless for the rest of the month.



  • Try to use the Note in this KBA. https://community.sophos.com/kb/en-us/125101

     

    Observe the connection via tcpdump to see whether it takes the correct connection.

     

    Another point is, did you already select the option in Gateway:

    __________________________________________________________________________________________________________________

  • Try to use the Note in this KBA. https://community.sophos.com/kb/en-us/125101

     

    If I understand that note correctly, this is only for the RED server!? My XG is RED client, the RED server is a Sophos UTM on a small vServer with only 1 WAN interface.

    Another point is, did you already select the option in Gateway:

    Yes, I've set that already like in your screenshot.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • Any other ideas?

    In my understanding this should be considered as a bug as internal services should follow the WAN link manager settings as any other rules do...

     

    This can be a real pain if you have 2 WAN lines, one very fast and one very slow and you cannot force the RED tunnel to only use the slow one if the fast fails...

  • Can you dump this connection, which is actually still going over the backup interface while the primary interface is back online?

    __________________________________________________________________________________________________________________
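
The tcpdump check suggested in the replies above, as an added example that is not part of the original thread: a shell function that reads `tcpdump -nn` text output and reports which WAN uplink is carrying the RED tunnel. Assumptions: RED traffic uses TCP 3400 and UDP 3410, the function names are hypothetical, and every address in the sample capture is a constructed documentation IP.

```shell
# Added example, not from the thread. Assumed: RED uses TCP 3400 / UDP 3410.
# Live use (assumed): tcpdump -nn -i any -c 200 'tcp port 3400 or udp port 3410' \
#                       | red_uplink_summary <primary-wan-ip> <backup-wan-ip>

# Reads tcpdump -nn lines on stdin; $1 = primary WAN IP, $2 = backup WAN IP.
# Prints RED packet counts per uplink and which uplink carried the latest packet.
red_uplink_summary() {
    awk -v primary="$1" -v backup="$2" '
    function host(ep) { sub(/:$/, "", ep); sub(/\.[0-9]+$/, "", ep); return ep }
    function port(ep) { sub(/:$/, "", ep); sub(/^.*\./, "", ep); return ep }
    function is_red(n) { return n == "3400" || n == "3410" }
    {
        # Locate "IP <src> > <dst>:" wherever it sits on the line.
        for (i = 1; i < NF - 2; i++) if ($i == "IP") break
        if ($i != "IP" || $(i + 2) != ">") next
        src = $(i + 1); dst = $(i + 3)
        if (!is_red(port(src)) && !is_red(port(dst))) next
        hs = host(src); hd = host(dst)
        if (hs == primary || hd == primary) { p++; last = "primary" }
        else if (hs == backup || hd == backup) { b++; last = "backup" }
    }
    END { printf "primary=%d backup=%d last=%s\n", p, b, (last == "" ? "none" : last) }'
}

# Constructed capture: the tunnel starts on the primary line (198.51.100.10),
# then moves to the backup line (192.0.2.20) and stays there.
sample_capture() {
    cat <<'EOF'
10:00:00.100000 IP 198.51.100.10.41000 > 203.0.113.5.3410: UDP, length 120
10:00:00.200000 IP 203.0.113.5.3410 > 198.51.100.10.41000: UDP, length 96
10:00:05.000000 IP 198.51.100.10.52000 > 203.0.113.80.443: Flags [S], length 0
10:00:40.100000 IP 192.0.2.20.41000 > 203.0.113.5.3400: Flags [S], seq 1, length 0
10:00:40.300000 IP 192.0.2.20.41001 > 203.0.113.5.3410: UDP, length 120
10:02:00.000000 IP 203.0.113.5.3410 > 192.0.2.20.41001: UDP, length 96
EOF
}

sample_capture | red_uplink_summary 198.51.100.10 192.0.2.20
```

A result of `last=backup` while the primary line is up again matches the behaviour described in the original post.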
