Static route monitoring/tracking for failover
Sophos XG has the function to configure static routes, but when two routes are configured for the same subnet with different metrics, it does not understand when to do the failover and go to the larger metric.
What draws attention is that it is possible to configure, but it does not work.
Our suggestion is that we can configure static routes with a probe so that XG can understand when to disable a static route and forward the packets to another static route with a larger metric.

2 comments
-
Johannes Zwirner commented
This is an important feature - some other vendor calls this "route monitoring". I would like to emphasize that this isn't about having several routes with different metrics/distances, since the route will always be valid as long as the gateway is up. This is about changing a route if a destination *beyond* the gateway isn't reachable.
-
XG Fan commented
Another vendor refers to this as IP SLA tracking. The design shortcoming in XG is described at https://community.sophos.com/kb/en-us/123611 - Policy routes and firewall rules in XG support tracking but not static routes. Policy routes or firewall rules don't seem to affect XG-initiated traffic. Since a static route seems to be the way to manage certain XG-initiated traffic from the GUI, IP SLA tracking functionality in the static routes GUI would be helpful.