Configure Firebox Network Link Monitoring

Applies To: Cloud-managed Fireboxes

To monitor the status of network connectivity from a cloud-managed Firebox, we highly recommend that you enable link monitoring. In the Link Monitoring settings for a network, you configure link monitoring targets, which are remote hosts beyond your network perimeter. Link monitoring is not enabled by default.

When link monitoring is enabled, the Firebox sends traffic to a link monitor target to test network connectivity.

Link monitoring is required for these SD-WAN features:

  • SD-WAN for internal or guest networks
  • SD-WAN measurement-based failover

Link monitoring settings for external networks are different than for internal and guest networks.

Supported Targets

Link Monitor supports these types of targets:

  • Ping — Pings an IP address or domain name
  • TCP — Sends TCP probes to an IP address or domain name, and a port number
  • DNS — Queries the IP address of a DNS server for the specified domain name

Recommendations for External Link Monitoring

When you enable Link Monitoring for an external network, the default settings send a ping to the network gateway. To make sure traffic fails over to a different interface when network issues occur, we recommend that you:

  • Configure link monitoring to send traffic to an IP address beyond the default gateway.
  • Select a target that has a record of high uptime, such as a server hosted by your ISP.
  • Configure different link monitoring settings for each external network.

Some DNS servers and ISP equipment block pings that continue for an extended duration. To avoid this issue, configure a DNS target instead of a ping target.

To make sure that the Firebox does not block traffic from the link monitor target, we also recommend that you add a Blocked Sites Exception with the IP address of the link monitor target. For information about how to add exceptions, see Add Exceptions in WatchGuard Cloud.

Configure Link Monitoring Settings

To configure link monitoring for a network, you must enable link monitoring and then configure the link monitoring settings. The configuration options for link monitoring depend on the network type (external, internal, or guest).

To enable link monitoring for a network, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Networks tile.
    The Networks configuration page opens.
  5. Click the tile for the external network to edit.
  6. In the network settings, select the Link Monitoring tab.

Screen shot of the Link Monitoring tab with Link Monitoring disabled

  1. Click the Enable Link Monitoring toggle.
  2. Configure the link monitoring settings for your external, internal, or guest network.
  3. To save configuration changes to the cloud, click Save.

See Also

About Firebox Networking Settings