Asked by Jeff Perry

Help with Dual WAN Setup of Sophos UTM 9

I am not sure who out here may know the Sophos UTM products, but I have a fairly simple question, I believe. Our UTM is configured with two internal networks (1 for our office network and 1 for our Guest WiFi). We are also running two ISPs, so we have two external WAN interfaces. Currently both internal networks are going out the primary external. I want to configure the firewall to have each internal network go out through different external networks.

If possible I then want each external interface to be a failover for the other.

Not sure how much of this is possible but that is what I am trying to get configured.
ASKER CERTIFIED SOLUTION
Dirk Kotte

ASKER

Excellent. I will look into these options.

Okay, it doesn't seem to be working. I believe everything is set up properly. I must be missing something. Even though everything is configured, the Uplink Monitoring still shows the Guest one as Offline. Not sure why. On the interfaces it is shown as UP.

See attached images
Interfaces.jpg
Uplink-Balancing.jpg
MultiPath.jpg
Uplink-Monitoring.jpg

Looks good.
Now all traffic should be routed over the working interface?

The UTM uses different hosts to monitor the link availability.
If the host is reachable, the link is OK. It works reliably.
It seems the configuration for the second IF is not correct, or the provider link is not up.
Try a traceroute (from support/tools or the CLI) to the secondary IF's gateway.
Try disabling the primary IF and running a traceroute to 8.8.8.8,
so you can check the IF connections.

I want it to route like this:
Network-Diagram.jpg

OK, here is an update. Everything might be set up alright, but as soon as I enable uplink balancing I get an error on my second WAN link. Not sure why. If I turn off uplink balancing the error goes away, but I cannot use both internet connections at that time.

What if you disable the "primary" ISP link? Traffic should go through the secondary now.
You should be able to ping the internet and traceroute targets on the internet ("tracert 8.8.8.8") to see the path used.
Possibly you need masquerading for the secondary ISP connection and the "primary LB-link" too.

I will see if I can test this. The primary is our main internet so I am not able to just take it offline. Especially if the other doesn't work. I will see what I can do though.

It seems the secondary path is not online. Uplink monitoring is reliable at my customers.
Try connecting the link to a notebook, configure the IP settings, and test the functionality.

Sorry, another fire I need to tend to. I will get back to this as soon as possible to try these options. Thanks for your assistance.

Just an update. I am still working with Sophos on this issue and they have not been able to find a solution yet. They are saying there is a problem with the ISP, but when the ISP is plugged into a normal router it works fine. I will update once I have more info and a possible resolution from Sophos.

How are you connected to the ISP?

I am working with the Sophos support on this issue but it will be a while as other projects are coming up. I just want to make sure I award you your points for assisting with the issue.