Gateway Status

The Gateway Status page at Status > Gateways displays the current status of individual gateways as well as gateway groups.

Gateways Tab

The Gateways tab displays the status for each gateway on the firewall, including manually defined gateways as well as dynamic gateways.

See also

The status output includes the following information for each entry:

Name:

The name of the gateway.

If this gateway is currently the default gateway for either IPv4 or IPv6, the page will print (default) after the name.

Gateway:

The IP address of the gateway.

Monitor:

The IP address being used by the gateway monitoring system to determine the status of the gateway.

If the gateway has a custom monitor IP address set, this field will be different than the gateway IP address.

If monitoring is disabled for this gateway this column contains the string (unmonitored).

RTT:

The round-trip time of the most recent gateway monitoring probes.

RTTsd:

The standard deviation of the round-trip time of recent gateway monitoring probes. This indicates how much variance there is between the fastest and slowest recent responses from the monitoring address.

A high value in this column indicates that the latency on the path to the monitor IP address varies significantly, with large differences between the high and low values. This could be due to load or instability on the link, for example.

A low value indicates that the latency on the circuit is consistent, which can mean it is in good condition, has a light load, or is otherwise operating optimally.

Loss:

The amount of packet loss the firewall has experienced recently while probing the monitor IP address. This may indicate that the circuit has a problem somewhere along the path to the monitor IP address.

Some hosts and routers drop or throttle ICMP messages during times of high load. Thus, experiencing packet loss from monitoring probes does not always indicate a problem with the circuit.

Tip

If the circuit appears to be working properly despite showing loss, it’s possible that the monitoring probes have been dropped by a router somewhere in between the firewall and the monitor IP address host. In this case the best course of action is to choose a different monitor IP address.

Status:

The status field shows the current state of the gateway. The status may be one of: Online, Offline, or Warning.

When in an offline or warning state the field also contains a text description of the problem. For example, it may indicate that the gateway is offline due to packet loss.

Description:

The text description of the gateway, either from the manually configured settings or a default string for dynamic gateways.

Action:

Selectively kill firewall states using this gateway in various ways.

  • fa-times-circle: Kills all firewall states created by policy routing rules using this specific gateway by name.

    This does not include states which used this gateway as a part of a gateway group.

  • fa-circle-xmark: Kills all firewall states created by policy routing rules using this specific gateway by IP address.

    The states must have matched a rule using policy routing with this gateway alone, in a gateway group, or via reply-to on a WAN-type interface.

  • fa-times: This icon is present only on default gateway entries. It will kill states using the default gateway (0.0.0.0 for IPv4, :: for IPv6). This affects states which did not match policy routing rules (e.g. default routing behavior, automatic gateway switching, etc).

    Warning

    This can be very disruptive as it may terminate sessions to firewall services and/or on multiple WANs and internal interfaces.

Gateway Groups Tab

The Gateway Groups tab shows the status of gateway group members and the groups as a whole.

See also

The status output includes the following information for each entry:

Group Name:

The name of the gateway group.

Gateways:

A table containing a row for each gateway group member arranged in tiers on different columns.

If all of the gateways on a tier are down, the firewall will use the gateways on the next available tier. For example, if all of the gateways in tier 1 are offline, the firewall will look for gateways in tier 2, then tier 3, and so on.

Description:

The text description of the gateway group.

Action:

Selectively kill firewall states using this gateway group.

Clicking the fa-times-circle icon kills all firewall states created by policy routing rules using this specific gateway group by name.

This does not affect other uses of the gateway group, such as services bound to a gateway group as their interface.