User is getting continuous gateway down alerts or notification in sophos XG firewall log viewer.
Before understanding the resolution, first we need to understand when gateway becomes down or up.
Please go to network >> WAN link manager
Here in this location, if the status of the gateway is red in color then it indicates gateway is down.
If the status of the gateway is green in color, then the gateway is up and running.
Whenever the color of the gateway changes from green to red, we will get notification.
So now the question is, when the color of gateway status becomes red?
To answer this, click on the gateway and go to concerned fail over rules as show in below screenshot
So as mentioned in the above screenshot, firewall will try to ping the fail over IP very often, in case if it is unable to reach the fail over IP. Then we will get gateway down alert in firewall.
To clearly observe this issue, please follow the below steps:
Step-1: Login to the sophos firewall using putty:
You can follow this article for logging into the cli of the firewall:
Step-2:Go to advanced shell (select 5 and 3)
Type “cd /log” and then type this command “grep Dead dgd.log | head -1” as shown in below screenshot.
We will get to know the latest time stamp of the issue. Note down the time stamp and execute this command
grep “May 03 19:41:50” dgd.log
Then you will be able to observe clearly, gateway is trying to reach “fail over IP” and it was unable to reach.
Most of the times this issue could be at ISP level or next hop.
Hope this article helps you.