Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 35175 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAN Link Management Failover issue

MikeDe Leon

Hi,

 

I'm testing the new release version of Sophos XG V16 and now currently stuck in WAN Link Management. It seems that Failover functionality is not working. I have 2 WAN links and currently testing a failover scenario but it does not work.

Using the default: NOT WORKING

Name
IP Address
Interface
Type
Activate on Failure of
Weight
NAT Policy
Status
Manage
GW1
192.168.2.1
PortE - 192.168.2.3/255.255.255.0
Active
N/A
100
MASQ
    
GW2
192.168.1.1
PortB - 192.168.1.100/255.255.255.0
Active
N/A
 100
MASQ
    

Using Active/Standby: NOT WORKING

Name
IP Address
Interface
Type
Activate on Failure of
Weight
NAT Policy
Status
Manage
GW1
192.168.2.1
PortE - 192.168.2.3/255.255.255.0
Active
N/A
100
MASQ
    
GW2
192.168.1.1
PortB - 192.168.1.100/255.255.255.0
 Backu
GW1
 100
MASQ
    

Also setting the Firewall Policy NAT and Routing to have Primary Gateway and Secondary Gateway or even setting it to None, Still NO Failover.

 

Any reasons why? Im using HW-SFOS_16.01.1.SF300-202 upgrade on a CR500iNG-XP (SFOS 16.01.1)

 

Tnx

 

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Mike, 

    A couple of quick questions. 

    1. Why have you set the weight as 100/100?

    2. What is the gateway failover condition?

    3. In the firewall rule, routing policy (are you selecting load balance, or primary and then backup)?

    Regards,

  • 0 in reply to varunparikh

    varunparikh said:

    Hi Mike, 

    A couple of quick questions. 

    1. Why have you set the weight as 100/100?

      > Tried setting them to 100/100 for the both gateways but still failover fails.

    2. What is the gateway failover condition?

      > Failover conditions sets to default for failed pings in the gateway.

    3. In the firewall rule, routing policy (are you selecting load balance, or primary and then backup)?

     > tried this aswell, leaving the WAN Link Manager settings all to default 1/1 or even 100/100 and then setting GW1 as primary and GW2 as secondary but still failover fails to switchover to the secondary link.

     

     tnx,

    Mike

  • +1 in reply to MikeDe Leon

    Could you please screenshot the failover conditions and show me?

    Please also check your DM.

  • +1 in reply to MikeDe Leon

    HI Mike, 

    Could you change the default Gateway condition to Ping 8.8.8.8 on both internet gateways. Also reduce the failover timeout to 20 seconds.

    Thanks 

    Aditya Patel 

  • +2 in reply to Aditya Patel

    Hello Mike,

    Please see the configuration screenshots from my lab. (Network > WAN Link Manager)

    1. Active gateway failover rules

    2. Backup gateway configuration

    3. Firewall rule configuration

     

    Please test with these settings and I am hopeful that it will work for you as expected.

    Regards,

  • +1 in reply to varunparikh

    Hi varunparikh,

     

    Thnx for your help. You're correct that it's the LAN > WAN rule. There's a mixed up in my firewall rule as the destination also contains other zone other than the WAN. For the WAN loadbalancing and failover works, the destination Zone should only be "WAN". It's all working now.

     

    Thank you for your help!

     

    Regards,

     

    Mike

Reply
  • +1 in reply to varunparikh

    Hi varunparikh,

     

    Thnx for your help. You're correct that it's the LAN > WAN rule. There's a mixed up in my firewall rule as the destination also contains other zone other than the WAN. For the WAN loadbalancing and failover works, the destination Zone should only be "WAN". It's all working now.

     

    Thank you for your help!

     

    Regards,

     

    Mike

Children
No Data