Help with Dual WAN Setup of Sophos UTM 9

I am not sure who out here may know the Sophos UTM products, but I have a fairly simple question, I believe. Our UTM is configured with two internal networks (1 for our office network and 1 for our Guest WiFi). We are also running two ISPs, so we have two external WAN interfaces. Currently both internal networks are going out the primary external. I want to configure the firewall to have each internal network go out through different external networks.

If possible I then want each external interface to be a failover for the other.

Not sure how much of this is possible but that is what I am trying to get configured.
Jeff Perry, Director of IT, asked:

Dirk Kotte, SE, commented:
You have to configure "uplink-balancing" with 2 active interfaces.
Then set up multipath rules to direct the traffic to the preferred interface.
Use the help link from the multipath config page to see the options.

Jeff Perry, Director of IT (Author), commented:
Excellent.  I will look into these options.
Jeff Perry, Director of IT (Author), commented:
Okay, it doesn't seem to be working. I believe everything is set up properly. I must be missing something. Even though everything is configured, the Uplink Monitoring still shows the Guest one as Offline. Not sure why. On the interfaces it is shown as UP.

See attached images
Interfaces.jpg
Uplink-Balancing.jpg
MultiPath.jpg
Uplink-Monitoring.jpg

Dirk Kotte, SE, commented:
Looks good.
Now all traffic should be routed over the working interface?

The UTM uses different hosts to monitor the link availability.
If the host is reachable ... link is OK. Works reliably.
Seems the configuration for the second IF is not correct... or the provider link is not up...
Try traceroute (from support/tools or CLI) to the secondary IF's gateway.
Try disabling the primary IF and traceroute to 8.8.8.8
so you can check the IF connections.
Jeff Perry, Director of IT (Author), commented:
I want it to route like this
Network-Diagram.jpg
Jeff Perry, Director of IT (Author), commented:
OK, here is an update. Everything might be set up all right, but as soon as I enable uplink balancing I get an error on my second WAN link. Not sure why. If I turn off uplink balancing the error goes away, but I cannot use both internet connections at that time.
Dirk Kotte, SE, commented:
What if you disable the "primary" ISP link? Traffic should go through the secondary now.
You should be able to ping the internet and traceroute targets on the internet ("tracert 8.8.8.8") to see the path used.
Possibly you need masquerading for the secondary ISP connection and the "primary LB-link" too.
Jeff Perry, Director of IT (Author), commented:
I will see if I can test this.  The primary is our main internet so I am not able to just take it offline.  Especially if the other doesn't work.  I will see what I can do though.
Dirk Kotte, SE, commented:
Seems the secondary path is not online. Uplink monitoring is reliable at my customers.
Try to connect the link to a notebook, configure the IP settings and test the functionality.
Jeff Perry, Director of IT (Author), commented:
Sorry another fire I need to tend to.  I will get back to this as soon as possible to try these options.  Thanks for your assistance.
Jeff Perry, Director of IT (Author), commented:
Just an update.  I am still working with Sophos on this issue and they have not been able to find a solution yet.  They are saying there is a problem with the ISP but when the ISP is plugged into a normal router it works fine.  I will update once I have more info and a possible resolution from Sophos.
Dirk Kotte, SE, commented:
How are you connected to the ISP?
Jeff Perry, Director of IT (Author), commented:
I am working with the Sophos support on this issue, but it will be a while as other projects are coming up. I just want to make sure I award you your points for assisting with the issue.