Sophos Connect gateway_order by latency

Does the gateway_order by latency actually work in Sophos Connect version 2.0.001? I've tried testing this feature and it doesn't seem to work. It seems the lowest (or first) IP address in the ovpn file is always used.

My setup has the following components:



This thread was automatically locked due to age.
  • Hi Scott,

    The provisioning hostname is used to connect to the user portal and download the VPN config for the user. If you specify multiple gateways in the file (multiple "gateway":... lines) pointing at multiple firewalls, then the order will work as you're expecting, selecting the firewall that has the lowest latency. If you're using a single firewall though, adding multiple gateways to the provisioning file will be less useful, since the VPN config downloaded through any hostname used will be the same.

    Are you setting the override hostname for SSL VPN? If you are, then the client will only see a single host to connect to, and will use whatever the first IP it resolves to is. If you leave it blank, then all interface addresses will be included in the VPN config file, and I believe it will then check the latency of each of them, according to your order preferences. If you have dynamic public IPs, then when they change, the client will use the hostname in the provisioning file to update its config before connecting, which will let the client discover the latest public IPs.
