Skip to content

Add a gateway

Create a custom gateway and specify health checks to determine if the gateway is active.

Assign a zone to custom gateways if you want to route traffic based on the network host's zone. For example, you can route traffic to servers based on their zone.

Specify the health check settings to determine if the gateway is active. You can apply more than one monitoring condition for health checks.

  1. Go to Routing > Gateways, and click Add.
  2. Enter a name.
  3. Specify the gateway settings.

    Name Description
    Gateway IP Enter the IP address of the gateway.
    Interface Select the interface of the gateway.
    Zone Select the zone to assign to the gateway.

    The default gateway is set to the WAN zone. You can't change its zone.

    Sophos Firewall prioritizes the gateway zone over the interface zone.
  4. Specify the health check settings.

    Name Description
    Health check Turn it on to perform health checks for monitoring the gateway status.
    Interval Time interval between probes for the health check.

    Default: 60 seconds
    Time-out The gateway must respond within this time to be considered active.

    Default: 2 seconds
    Retries The number of consecutive attempts to probe the gateway's health. If the gateway doesn't respond to these attempts, Sophos Firewall considers the gateway unreachable.

    Default: 3
    Monitoring condition Sophos Firewall sends requests to host IP addresses behind the gateway. If the hosts respond to health check probes, Sophos Firewall considers the gateway active.

    Specify the following settings for monitoring the gateway:

    Protocol: Protocol for checking the gateway’s status.

    Port: For TCP protocol, specify the port number to use for health check probes.

    IP address: IP address of a host device behind the gateway.

    Specify a host that is always available. When hosts don't send a response, Sophos Firewall considers the gateway unreachable.

    Operator: To add more monitoring conditions, select one of the following operators, and click add Add button:
    • AND: Probes are sent for all the specified conditions. Sophos Firewall determines that the gateway is active only when all the conditions are met.
    • OR: Probes are sent from the top down until a condition is met.