Sophos Ideas / XG Firewall

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

← XG Firewall

Improve the WAN Gateway monitor

Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
This can help much to prevent false positive gateway status.
The same feature could be added on VPN Failover system

Best regards,

Carlos Cesario

242 votes
Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Carlos shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

12 comments

Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Brandon commented  ·   ·  Flag as inappropriate

    Agreed, failover is very limited currently due to this. And you can’t really force failover back if anything is using the connection either such as VoIP phones that register with a hosted vendor. Come on guys.

  • Chris commented  ·   ·  Flag as inappropriate

    WAN Failover needs at least to have ranges
    Example: Ping between 0 and 100 consider WAN up

    Packet Loss would even be better
    Example: Packet loss higher than 10% consider WAN down

    The other vendors have these options, WAN Failover is pretty useless when a line can have a 2000 ping and 75% packet loss and still be considered up... These are the most common problems with the biggest carriers in the US such as comcast...

  • Vikas Gupta commented  ·   ·  Flag as inappropriate

    I have 2 WAN link and I have enabled the notification but I am getting Down and Up notification within seconds and there is no use of this notification if my link is going down for 2-3 seconds only. This gap should be at least 30 second to 1 Minute so that I can get true down notification.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Configuring gateway fail over that was only 2 option via Ping/TCP. This only when WAN ISP link was down then only we will not able to ping outside IP or TCP to particular port But i want if ISP having Up-link failure and facing degraded performance and slow response then in this case existing Gateway will not fail over to other active ISP gateway until and unless that existing WAN ISP was down. so i want Latency monitoring option in Gateway Failover so if Sophos detected any Latency on existing Gateway it will switch over to next available gateway. Appreciate if you can enable these feature or any alternative to come over these.

  • Rod Arthur commented  ·   ·  Flag as inappropriate

    Please provide access to the WAN Gateway monitor graphs from Control Center Dashboard, rather than have to click through Network - WAN Link Manager to then finally get to the WAN Gateway Usage Graphs on RHS under Manage. On Cyberoam, these are available on the initial Dashboard allowing a quick check to see if the Backup Failover Gateway had activated in past day or week.

  • Hotte commented  ·   ·  Flag as inappropriate

    Please Add a fail-over rule for Test like up to differen dns - server... if the connection times out / no answer, you know what to do... ;-)

    Today I got one WAN - Link ping able (UP) but the Service Provider was not able to route ANY DNS REQUEST ( neither to the ISP-DNS nor the GOOGLE DNS 8888)

    THX

  • psykix commented  ·   ·  Flag as inappropriate

    Ability to add an IP address out on the internet for monitoring the gateway would be good - my modem doesn't respond to ICMP

XG Firewall: Base System + General UI

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.