Configure Firebox Network Link Monitoring

Applies To: Cloud-managed Fireboxes

To monitor the status of network connectivity from a cloud-managed Firebox, we highly recommend that you enable link monitoring. In the Link Monitoring settings for a network, you configure link monitoring targets, which are remote hosts beyond your network perimeter. Link monitoring is not enabled by default.

When link monitoring is enabled, the Firebox sends traffic to a link monitor target to test network connectivity.

Link monitoring is required for these SD-WAN features:

SD-WAN for internal or guest networks
SD-WAN measurement-based failover

Link monitoring settings for external networks are different than for internal and guest networks.

Supported Targets

Link Monitor supports these types of targets:

Ping — Pings an IP address or domain name
TCP — Sends TCP probes to an IP address or domain name, and a port number
DNS — Queries the IP address of a DNS server for the specified domain name

Recommendations for External Link Monitoring

When you enable Link Monitoring for an external network, the default settings send a ping to the network gateway. To make sure traffic fails over to a different interface when network issues occur, we recommend that you:

Configure link monitoring to send traffic to an IP address beyond the default gateway.
Select a target that has a record of high uptime, such as a server hosted by your ISP.
Configure different link monitoring settings for each external network.

Some DNS servers and ISP equipment block pings that continue for an extended duration. To avoid this issue, configure a DNS target instead of a ping target.

To make sure that the Firebox does not block traffic from the link monitor target, we also recommend that you add a Blocked Sites Exception with the IP address of the link monitor target. For information about how to add exceptions, see Add Exceptions in WatchGuard Cloud.

Configure Link Monitoring Settings

To configure link monitoring for a network, you must enable link monitoring and then configure the link monitoring settings. The configuration options for link monitoring depend on the network type (external, internal, or guest).

To enable link monitoring for a network, from WatchGuard Cloud:

Select Configure > Devices.
Select the cloud-managed Firebox.
Click Device Configuration.
Click the Networks tile.
The Networks configuration page opens.
Click the tile for the external network to edit.
In the network settings, select the Link Monitoring tab.

Click the Enable Link Monitoring toggle.
Configure the link monitoring settings for your external, internal, or guest network.
To save configuration changes to the cloud, click Save.

Configure Link Monitoring for an External Network

For an external network, you can use the default settings, or configure custom settings.

If you use the default link monitoring settings, the Firebox sends ping traffic to the network gateway. To monitor connectivity to any network beyond the gateway, you must configure custom link monitoring settings.

To use default link monitoring settings for an external network:

Enable link monitoring.
Select Use Default Link Monitoring Settings.
Click Save.

To configure custom link monitoring settings for an external network:

Enable link monitoring.
Select Use Custom Link Monitoring Settings.

From the Type drop-down list, select Ping, TCP, or DNS. Tip!
In the IP Address text box, type the IP address of the link monitoring target. For example, if you selected DNS, type the IP address of the DNS server.
If you selected TCP, in the Port text box, type a port number.

If you selected DNS, in the Query Domain text box, type a domain name for the DNS server to resolve.

To save configuration changes to the cloud, click Save.

Configure Firebox Network Link Monitoring

Supported Targets

Recommendations for External Link Monitoring

Configure Link Monitoring Settings

Related Topics