This article explains how to set up multiple redundant static routes to a single destination network using different paths.
Known to apply to the following Sophos product(s) and version(s)
In UTM9, it is not possible to configure multiple static routes to the same destination network, regardless of the assigned metric. If you attempt to do so, you'll get an error stating that the network is already in use by the existing route.
However, it is possible to create redundant gateway routes to a single destination network (using different paths) by using Availability Groups.
First, create an Availability Group consisting of the gateway addresses of each route:
For example: if you want to reach the remote network 192.168.5.0/24, and you have 2 links to that network where the addresses of the next hops to reach it are 192.168.6.1 and 192.168.7.1, you would add host objects consisting of those two addresses into the Availability Group host list.
Next, configure a static gateway route where the destination gateway address is the Availability Group:
Finally, activate the static route. Your UTM will now have a route to the specified remote network, via the interface connected to the first gateway on the list in your Availability Group. If that gateway is no longer reachable, but the next one is, the route will automatically switch over to the interface associated with the next gateway. If the first gateway on the list becomes reachable again, the route will switch back to utilize the first interface.
How long the UTM takes to switch the route from one link to the next when the first one fails is controlled by the Interval setting in the Availability Group > Advanced section. If you set the interval to 15, the UTM will attempt to contact the first host on the list every 15 seconds. If that host does not respond within the time period specified under Timeout, the UTM will then attempt to contact the next host on the list, and so on.
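To see how Interval and Timeout bound the time traffic follows a dead path, here is a simplified model of the failover behaviour described above. It is an added example, not Sophos code: the gateway addresses and the interval of 15 come from this article, while the timeout of 5, the outage timeline, and the assumptions that a reachable host answers immediately and that reachability is sampled when a check starts are constructed for illustration.

```python
# Simplified model of Availability Group failover (illustrative, not UTM code).

def pick_gateway(gateways, reachable, timeout):
    """Walk the list in order; return (first reachable gateway, seconds waited)."""
    waited = 0
    for gw in gateways:
        if gw in reachable:
            return gw, waited          # assumption: a live host replies at once
        waited += timeout              # a dead host costs one full timeout
    return None, waited                # no gateway answered


def simulate(gateways, outages, interval, timeout, duration):
    """Return [(time, active_gateway)] for every route change.

    outages maps a gateway to [(down_from, up_at), ...] in seconds (constructed).
    """
    def is_up(gw, t):
        return not any(start <= t < end for start, end in outages.get(gw, []))

    changes, active = [], object()     # sentinel: no route selected yet
    for t in range(0, duration + 1, interval):
        reachable = {gw for gw in gateways if is_up(gw, t)}
        gw, waited = pick_gateway(gateways, reachable, timeout)
        if gw != active:
            changes.append((t + waited, gw))
            active = gw
    return changes


def worst_case_delay(interval, timeout, dead_before_live=1):
    """Longest gap between a failure and the switch to the next live gateway:
    the failure lands just after a check, then each dead host must time out."""
    return interval + timeout * dead_before_live


GATEWAYS = ["192.168.6.1", "192.168.7.1"]          # next hops from the article
OUTAGES = {"192.168.6.1": [(20, 70)]}              # constructed: link 1 down 20s-70s

if __name__ == "__main__":
    for when, gw in simulate(GATEWAYS, OUTAGES, interval=15, timeout=5, duration=120):
        print(f"t={when:>3}s  route via {gw}")
    print("worst-case failover delay:", worst_case_delay(15, 5), "s")
```

In this model the first link fails at 20 s but the route only moves at 35 s, so a shorter Interval narrows that window at the cost of more frequent checks.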