Options

Link monitoring suggestions

Which target are suggested for link monitoring (multi WAN with failover scenario) when a company doesn't own any public facing hosts ? Pinging 8.8.8.8 ? DNS resolution of www.google.com on some public DNS server ?
Is it possibile to configure more than a check and drop a link only when all of them are not working ? I found only the 'Require a successful probe to all targets to define the interface as active' , if not selected, only one of the check is selectable.
I'm afraid that a link is seen an down just because a single IP owned by another company doens't work.

Comments

  • Options

    I use a high availability DNS server, such as 8.8.8.8 or 1.1.1.1 for Ping.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    (About Link Monitor)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/link monitor/link_monitor_about.html

    See the section labeled "Recommendations for Targets" about 1/3 into the article.

    I generally recommend something that your business relies on (if you're a call center, consider the VoIP provider's server that you're connecting to. If you're a medical organization, consider pinging the server for the software you use. Etc.

    DNS servers (particularly Google's, as they've randomly stopped replying to pings in the past) are OK to use if there are no other options. However, do not use the same target for every interface. For example, if 8.8.8.8 stops responding to pings, and all of your interfaces are checking that IP only, all of your interfaces will end up being marked as down.

    -James Carson
    WatchGuard Customer Support

  • Options

    Thanks. Reading the docs there is one thing I didn't understood well, is there a way to ping more than a target and fail only if all the targets doesn't answer? There are some days that 8.8.8.8 stops responding, but it would be very uncommon that both 8.8.8.8 and 1.1.1.1 stos responding

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Digitaldomus
    The only option here is for all targets to respond before we mark that interface as active. If you add multiple addresses, all must be down for the interface to be marked down. If you include multiple addresses, the one selected (via radio button) is the one used for SD-WAN metrics.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.