Hello,

i have a simple problem. There is a Sophos XG Firewall with two WAN Interfaces. One of them is the main WAN Interface with a Cable. The second one is a backup WAN interface with a mobile backup router. Now there is a problem, that i cannot monitor the WAN link staus.

On my sophos XG i can see the status led of all WAN interfaces. If the status icon is green, there is a connection through this WAN interface to the internet. But if this status icon is red, there is no connection to the internet.

How can i monitor this kind of the green/red status icon? Or does anyone have another idea, as I also come to my goal.

Thank you all!

Article Comments

Hi there,

Thank you for your post and please apologize the long delay on this.

Whether or not you're able to monitor the status of the LED depends on the SNMP implementation of the Sophos device. This article might be a good starting point.

On the other hand, why don't you try to keep it simple and monitor the WAN connection using a plain Ping sensor instead? Even though it does not monitor the color of the LED, it does pretty much the same job and observes if the firewall is still online and is able to reach targets in the internet.
For this use case, I would suggest to deploy a basic Ping sensor on a device that has an external IP address/hostname (www.google.com for instance). The Probe, that has the sensor deployed to, will then check if it's able to establish a connection through the Sophos to the defined target.

Best,
Sebastian


Oct, 2021 - Permalink

Hi Sebastian,

thank you for your reply!

The problem is that with the ping I can only ping the complete internet connection of the firewall, but not of a single WAN link. Normally, the firewall also has internet, but I want to check whether the emergency internet connection is also permanent!

Thank you a lot Michael


Oct, 2021 - Permalink

Hi Michael,

In this particular case, please reach out to Sophos and request a MIB file and information which OIDs cover the status LED. Afterwards convert the file with the MIB Importer into an OIDlib file for PRTG, and use it with the SNMP Library sensor.

This is the go-to-approach in this case. The vendor should be able to quickly answer whether or not the status is part of their SNMP implementation and, if so, how it can be found. We can continue from there.

Sebastian


Oct, 2021 - Permalink