DDNS update interval should not be needed when Port IP is used
In the Host details section under the Dynamic DNS tab, IPv4 address can be set to either Use port IP or IPNATed public IP. Below that is the option for IP edit checking interval.
If I understand this correctly, when set to IPNATed public IP, the XG firewall has to contact some server on the internet to determine what the public IP is. Therefore, it makes sense to set an interval at which it will contact this server.
However, when set to Use port IP, the XG firewall should be aware at all times what the port IP address is and should be able to immediately update DDNS if it changes. When set to Use port IP, the IP edit checking interval should therefore be grayed out or disappear.
The way it works now, the interval is used either way. Even if a reboot occurs between one check and the next, it still waits for the end of the interval.
JB, thanks for your reply.
First, I and my customers care as I will explain below.
Second, I understand the purpose of the setting Use port IP or IPNATed public IP. My proper understanding of it was the premise of my request. I basically concur with your explanation.
IPNATed public IP: When the WAN port receives an address that is not reachable from the internet (generally 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) because the Sophos is behind another router, the WAN IP address of the upstream router can change and the Sophos would be unaware of this change if it did not check for it. Presumably, it would have to communicate with some server on the internet to learn what its IPNATed public IP is. Of course, you don't want to check every second and waste bandwidth so you set a reasonable interval.
Use port IP: When the WAN port receives an address that is reachable from the internet and you set the setting to Use port IP, the Sophos is aware at all times what the IP address of its own port is. Should that IP address change, it does not make sense for it to wait any interval before updating DDNS; it should update DDNS immediately.
I have several customers who use Verizon FiOS as their ISP and receive a dynamic IP address. The Sophos's WAN port connects to the Verizon ONT and I set the setting to Use port IP. Upon rebooting the Sophos or the Verizon equipment (and possibly even merely unplugging and reconnecting the Ethernet cable between the two) a new IP address is assigned to the Sophos. If the interval is set to 20 minutes and this occurs 1 minute after the last check, there will be another 19 minutes during which DNS resolves to the wrong address. This means downtime for anything that has to reach the network from outside.
But it doesn't have to be this way. Sophos can implement my suggestion and update DDNS immediately when the setting is set to Use port IP and a change of the port IP address is detected.
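The timing argument in the post above, as an added example that is not part of the original thread and is not Sophos code: a hypothetical updater compared in interval-only and change-driven form for the 20-minute interval and the address change 1 minute after a check. The class, function names and the two public addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges named in the thread; a port address inside them is not
# reachable from the internet and must never be published as the port IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class DdnsUpdater:
    """Hypothetical updater; self.sent records what a provider call would send."""
    def __init__(self, interval_min, event_driven):
        self.interval = interval_min
        self.event_driven = event_driven
        self.published = None
        self.sent = []                      # (minute, address) per update

    def _publish(self, minute, addr):
        if is_private(addr) or addr == self.published:
            return                          # skip private or unchanged addresses
        self.published = addr
        self.sent.append((minute, addr))

    def on_port_change(self, minute, addr):
        # Requested behaviour: the port address is known locally, so react now.
        if self.event_driven:
            self._publish(minute, addr)

    def on_tick(self, minute, addr):
        # Behaviour described in the thread: only check when the interval expires.
        if minute % self.interval == 0:
            self._publish(minute, addr)

def stale_minutes(event_driven, interval_min=20, change_at=1, horizon=60):
    """Minutes during which DNS still resolves to the old port address."""
    old, new = "203.0.113.10", "203.0.113.77"   # constructed (TEST-NET-3)
    upd, port, stale = DdnsUpdater(interval_min, event_driven), old, 0
    for minute in range(horizon):
        if minute == change_at:
            port = new
            upd.on_port_change(minute, port)
        upd.on_tick(minute, port)
        if upd.published != port:
            stale += 1
    return stale

if __name__ == "__main__":
    print("interval only:", stale_minutes(False), "min stale")
    print("event driven: ", stale_minutes(True), "min stale")
```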
First, who cares?
Second, I don’t think you understand the purpose of the setting.
Your WAN port can get an IP address one of two ways. It can get an IP address from the device it is connected to or the device may be in bridge mode and pass the public IP directly to the Sophos. If it is the former, you would want it to use the NAT’ed IP address, as it wouldn’t do much good giving the DDNS a private IP address, would it?
This setting is also there if you have multiple connections to the Internet.