Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 4 replies
  • Subscribers 38 subscribers
  • Views 1074 views
  • Users 0 members are here
Options
Suggested

Keep alive interval of a wan interface XGS116

Eva Pavli

Hello,
I need your kind assistance regarding a new Sophos XGS116 that I am using.
Can you please tell me how to set the keep alive interval of a wan interface?
It is set to ping at 8.8.8.8 but I do not know the interval of pings, how often they are.

Thank you in advance,



Added TAGs
[edited by: Erick Jan at 7:27 AM (GMT -7) on 26 Apr 2024]
Parents
  • +1

    Hi Eva,

    Thank you for reaching out to Sophos Community.

    To set the time after which Sophos Firewall determines that an unresponsive link is down, enter a value in the Gateway failover timeout field and click Apply.

    Kindly refer to the following for reference: 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Erick Jan

    Hello Erick,

    Thank you for your helpful quick response.

    I have found the option you advised me, but I have one question.

    I have 2 WAN links and I want to have a failover between those two. If WAN1, which is my preferred link, is down, I want WAN2 to take over after 240 seconds. So in "WAN Link Manager" I have set the failover time at 240 seconds. The question here is this. Sophos will detect the WAN1 link "failure" after 240 seconds and switch to WAN2 or it will detect it instantly and switch to WAN2 after 240 seconds?

    On the other hand, I have seen that if I configure the two WAN links in SD-WAN profiles, I have more options regarding this failover procedure.

    Your advice is much appreciated.

    Thank you.

  • +1 in reply to Eva Pavli

    So: 

    Interval between sec is the time, the appliance sends a health check: every 2 seconds.

    If after 4 secs of each check, it considers this as a dead check.

    Gateway will be considered dead after 2 checks failed, 8 secs in your scenario. and 8 sec after it works again.

    And the SLA (when SD-WAN will use this gateway again) is after 30 samples, which means 30 checks have to work = 30x 2 = 60 sec.

    __________________________________________________________________________________________________________________

Reply
  • +1 in reply to Eva Pavli

    So: 

    Interval between sec is the time, the appliance sends a health check: every 2 seconds.

    If after 4 secs of each check, it considers this as a dead check.

    Gateway will be considered dead after 2 checks failed, 8 secs in your scenario. and 8 sec after it works again.

    And the SLA (when SD-WAN will use this gateway again) is after 30 samples, which means 30 checks have to work = 30x 2 = 60 sec.

    __________________________________________________________________________________________________________________

Children
Unfiltered HTML