VPN tunnel keep-alive function for outbound connections
Our XG IPSec VPN Tunnel to Microsoft Azure does not stay up, because when there is no activity Microsoft shuts down the tunnel. To overcome this, we have had to implement a 5-minute ping to each of our 5 warehouses from a VM in Azure. A keep-alive feature on the XG side would solve this problem. Other firewalls, such as Dell's SonicWall, have a keep-alive feature that addresses this issue.
Did you call Sophos support? They should be able to help you.
Keep-alive should only be enabled on one side of the tunnel and by default I believe it's enabled on the Azure side and Sophos side. You need to disable rekey on one side.
On the Sophos side you can do this by going to VPN - IPSEC Policies. Find the IKEv2 policy you're using and copy it. Then, under Advanced, change "When peer unreachable" to "Disconnect". Change the name of the policy to IKEv2_Respond. Now, under your IPSec connection, change it to use your new policy.
The latest firmware already has an Azure IPSEC Policy with the Azure settings, so you can try that too.
These might not be the exact settings you need but the issue is because keep-alive is configured on both ends instead of one being the responder only.
Why is it so hard to implement? Why is this feature not available yet?