Sophos XG v18.5.1 - Disable an Interface

I read in several forum posts that the ability to disable and enable an interface was slated for a v18 feature set, but I do not see it - so I suspect it was not implemented? That would be a pretty big step back to still be missing after 4 years of planned development. It was a basic feature of the v9 UTM that I had to use somewhat frequently when Comcast loses its mind. Now it seems like the whole appliance would need to be rebooted to resolve a communication issue? (Note - I do have remote/console access to my Sophos, Comcast provides no such facility for the cable modem and thus it isn't resolvable as a Comcast problem (reboot the Comcast box to re-establish communication) but I could do similar with an interface reset).



This thread was automatically locked due to age.
  • Hi,

    You do not need to reboot your XG in most cases; just opening the offending interface in edit and saving it is usually enough to cause an update reconnect. While this works most of the time, it is not satisfactory, and the last time a Sophos support person responded, it was that this is the way the RFC is written. Personally I think the interpretation is wrong but ...

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Much appreciated - will try this the next time the interface acts up. :) However - I am unclear how an RFC (unless it is a Sophos RFC and design spec for the XG product line) would impact the ability to develop the equivalent of an ON / OFF switch into the GUI/Web Interface. In fact I can think of times I may flat out want to turn off a segment of traffic administratively - say I connect a Lab network to Port 3 or Port 4 and I want to down the interface and do Air Gapped work? Or I ONLY want to enable an interface if it is an emergency to bring in another external connection. There are a lot of reasons that simply downing an interface would be infinitely more preferable to setting the config to "None" and losing the config and having to re-enter it every time it was needed.

    I actually set up a bunch of VLAN interfaces on the old XG product for different lab scenarios and when I was done I would disable the interface to ensure nothing would route to/from those networks. The step back kind of baffles me. :(

  • Hi,

    I was only referring to the external interface. Another way would be to disable all the rules associated with your test interfaces, including the DHCP server. The issue with the external interface is that the auto-reconnect or refresh of the connection does not happen, and is even recorded but not actioned after a link failure, which implies one of two things: the XG does not see the link failure and register it to trigger a reconnect/refresh, though the link failure is reported in the GUI and logviewer.

    Interestingly, if the WAN IPv4 interface connection fails, the IPv6 does not always fail.

    Ian

    XG115W - v19.5.1 mr-1 - Home

  • There are quite a few things that get promised and then don't appear. Unless it makes a late appearance, it isn't going to be in v19 either; at least it isn't in the current v19 EAP2.

    I can't think of any other networking equipment that I use where I can't disable an interface. Sigh.
