Site-to-Site VPN watchdog or connection checker to reconnect VPN when needed

Hi!

Our Site-to-Site VPN connections between various Sophos XG-firewalls are fairly stable but sometimes it happens that something gets stuck (e.g. connection is not established but does not reconnect until it is done manually even though DPD says to re-initiate, sometimes the connection is there but missing a subnet-SA or the connection is up but there is actually no traffic getting through the tunnel). These issues are then always solved by disconnecting and manually connecting the tunnel and we could not identify what causes them in the first place.

For this to happen automatically we would like to set some watchdog/connection check similar to the one used for the gateways. Is there something built in that I am missing? The goal would be to have a ping running on the Sophos XG to a target on the other side of the tunnel and if it fails about five times in a row then the tunnel should disconnect and reconnect automatically.

If this is not built-in then first it would be great to see this feature in the future and second: is it possible to script something like this? Is there a cron job or something that we can use for this task?

Thanks a lot for your help!

Cheers

Dominik
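
The check described in the post above (ping a host across the tunnel, reconnect after five consecutive failures), as an added example that is not part of the original post and not a Sophos feature. `probe` and `reconnect` are hypothetical hooks, the target and source addresses are constructed placeholders, and the platform's actual tunnel restart command is not given on this page.

```shell
#!/bin/sh
# Added example: tunnel watchdog that acts only after N consecutive failures.
# All names and addresses below are assumptions, not Sophos commands.
THRESHOLD=${THRESHOLD:-5}                      # failures in a row before acting
STATE_FILE=${STATE_FILE:-/var/run/vpn_watchdog.fails}
TARGET=${TARGET:-192.0.2.10}                   # constructed: host behind the remote peer
SOURCE=${SOURCE:-198.51.100.1}                 # constructed: local LAN address

# Hypothetical hook: one probe through the tunnel. The ping is sourced from an
# address inside the local subnet so it matches the tunnel's traffic selectors.
probe() {
    ping -c 1 -W 2 -I "$SOURCE" "$TARGET" >/dev/null 2>&1
}

# Hypothetical hook: replace with the platform's own tunnel restart procedure.
reconnect() {
    echo "watchdog: $THRESHOLD consecutive failures, tunnel restart needed" >&2
}

# One check per call, so a scheduler can run it every minute; the failure
# count lives in STATE_FILE between runs.
# Returns 0 = healthy, 1 = failed but below threshold, 2 = reconnect triggered.
watchdog_step() {
    fails=0
    [ -f "$STATE_FILE" ] && fails=$(cat "$STATE_FILE")
    case $fails in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt state file
    if probe; then
        echo 0 > "$STATE_FILE"                    # any success resets the streak
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$THRESHOLD" ]; then
        reconnect
        echo 0 > "$STATE_FILE"    # start a new streak: no restart on every run
        return 2
    fi
    echo "$fails" > "$STATE_FILE"
    return 1
}

# Run a single check only when asked to, e.g. RUN_WATCHDOG=1 from a scheduler.
if [ "${RUN_WATCHDOG:-0}" = 1 ]; then
    watchdog_step
fi
```

Resetting the counter after a restart means the next restart needs another full run of failures, which keeps a dead remote site from causing a restart on every interval.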
