Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 35175 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAN Link Management Failover issue

MikeDe Leon

Hi,

 

I'm testing the new release version of Sophos XG V16 and now currently stuck in WAN Link Management. It seems that Failover functionality is not working. I have 2 WAN links and currently testing a failover scenario but it does not work.

Using the default: NOT WORKING

Name
IP Address
Interface
Type
Activate on Failure of
Weight
NAT Policy
Status
Manage
GW1
192.168.2.1
PortE - 192.168.2.3/255.255.255.0
Active
N/A
100
MASQ
    
GW2
192.168.1.1
PortB - 192.168.1.100/255.255.255.0
Active
N/A
 100
MASQ
    

Using Active/Standby: NOT WORKING

Name
IP Address
Interface
Type
Activate on Failure of
Weight
NAT Policy
Status
Manage
GW1
192.168.2.1
PortE - 192.168.2.3/255.255.255.0
Active
N/A
100
MASQ
    
GW2
192.168.1.1
PortB - 192.168.1.100/255.255.255.0
 Backu
GW1
 100
MASQ
    

Also setting the Firewall Policy NAT and Routing to have Primary Gateway and Secondary Gateway or even setting it to None, Still NO Failover.

 

Any reasons why? Im using HW-SFOS_16.01.1.SF300-202 upgrade on a CR500iNG-XP (SFOS 16.01.1)

 

Tnx

 

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Mike, 

    A couple of quick questions. 

    1. Why have you set the weight as 100/100?

    2. What is the gateway failover condition?

    3. In the firewall rule, routing policy (are you selecting load balance, or primary and then backup)?

    Regards,

  • 0 in reply to varunparikh

    varunparikh said:

    Hi Mike, 

    A couple of quick questions. 

    1. Why have you set the weight as 100/100?

      > Tried setting them to 100/100 for the both gateways but still failover fails.

    2. What is the gateway failover condition?

      > Failover conditions sets to default for failed pings in the gateway.

    3. In the firewall rule, routing policy (are you selecting load balance, or primary and then backup)?

     > tried this aswell, leaving the WAN Link Manager settings all to default 1/1 or even 100/100 and then setting GW1 as primary and GW2 as secondary but still failover fails to switchover to the secondary link.

     

     tnx,

    Mike

  • +1 in reply to MikeDe Leon

    Could you please screenshot the failover conditions and show me?

    Please also check your DM.

  • +1 in reply to MikeDe Leon

    HI Mike, 

    Could you change the default Gateway condition to Ping 8.8.8.8 on both internet gateways. Also reduce the failover timeout to 20 seconds.

    Thanks 

    Aditya Patel 

Reply Children
  • +2 in reply to Aditya Patel

    Hello Mike,

    Please see the configuration screenshots from my lab. (Network > WAN Link Manager)

    1. Active gateway failover rules

    2. Backup gateway configuration

    3. Firewall rule configuration

     

    Please test with these settings and I am hopeful that it will work for you as expected.

    Regards,

  • +1 in reply to varunparikh

    Hi varunparikh,

     

    Thnx for your help. You're correct that it's the LAN > WAN rule. There's a mixed up in my firewall rule as the destination also contains other zone other than the WAN. For the WAN loadbalancing and failover works, the destination Zone should only be "WAN". It's all working now.

     

    Thank you for your help!

     

    Regards,

     

    Mike

  • 0 in reply to varunparikh

    Hi varunparikh

     

    When configuring WAN load balancing, do i need to add two static route ?

    Like suppose i have 0.0.0.0 0.0.0.0 192.168.99.1 >> Primary ISP , do i need to add another route for second ISP with AD distance ?

     

    Also referring to your screenshot above, on firewall rule WHY not choose WAN load balance and use Primary and backup instead ?

     

  • 0 in reply to Vikram Gopaul

    Hi Vikram ,

    A static route is not needed in this scenario. 

    Technically the option is provided if there 2 or more WAN interface configured.  The default is set to load balance, but it is up to the user to choose the primary and secondary if needed to alter the traffic path for a set of rules. 

    e.g.

    As per the gateway, GW1 is active and GW2 is the backup. 

    As per the rule, the default gateway setup will follow the GW1 as primary and GW2 as secondary. In some cases, the administrator wants to divert some high profile traffic to another gateway and he could set manually the primary as GW2 and secondary as Load balance or GW1. 

    As for the Static route, it is not needed the kernel shall devise the route for you as per the rule and fail-over gateway setup. The static route is only used when you wish to overide the kernel route. 

  • 0 in reply to Aditya Patel

    Thanks for the clarification.

    But in an active-active scenario, what's better, use WAN Load Balance as primary on the rules, or primary and secondary GW ?

     

    Thanks