Link monitor

Hi,

I´m using Link monitor on my T15 devices in combination with SD-WAN and also some places where there is 2 WAN links. My problem is i´m seeing quite a lot of Link Monitor missing ping replies like:

2020-11-05 16:37:59 link-mon [Link Monitor] No response received on External from Ping target 83.88.23.70 msg_id="4900-0002" Event
2020-11-05 16:38:08 link-mon [Link Monitor] No response received on NetGroup from Ping target default gateway msg_id="4900-0002" Event

This is on multiple T15 devices, running different fireware versions, connected to different vender equitment gateways (Cisco, SagemCom, Juniper), tried all sort of different ip addresses, and even bovpn vif with GRE, i see this "no response" from remote GRE ip address.

A PCAP shows missing reply to the Link-Mon pings at the same time where a diagnostics ping command from FSM to the same ip address, on the same outgoing interface show 100% success.

WG Support do not believe it´s a software bug, but i find it very odd only Link-Mon icmp replies "just vanish" but other pings to same destination works at the same time.
Of cause i can be wrong.

Anyway ... do any of you use Link monitor, and if so see issues with pings?

/Robert

Comments

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @RVilhelmsen
    If your pcaps are showing that the pings aren't coming back, it's best to just choose a different ping target. Lots of servers on the internet don't respond to pings consistently, or at all.

    -James Carson
    WatchGuard Customer Support

  • @James_Carson
    Well i even have this issue when pinging the default gateway which is most installations is located under a feet away. No matter what target i choose, it´s the same issue.

    What i noticed is somestimes when i save a configuration to the device, i see the same error messages.

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    @RVilhelmsen

    If you're running a packet capture and you see the ping leaving, and not coming back -- the issue will lie elsewhere. If all pings are being blocked upstream, I'd suggest having a discussion with your ISP so that you can discern why and for what they're doing this.

    You can also use the TCP connect method for link monitor, which will attempt to make a TCP connection on the port of your choice, if this is being blocked upstream.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.