This article explains how to setup multiple redundant static routes to a single destination network using different paths. The following sections are covered:
Applies to the following Sophos products and versions Sophos UTM
On Sophos UTM, it is not possible to configure multiple static routes to the same destination network, regardless of the assigned metric. If you attempt to do so, you'll get an error stating that the network is already in use by the existing route.
However, it is possible to create redundant gateway routes to a single destination network (using different paths), by using Availability Groups.
First, create an Availability Group consisting of the gateway addresses of each route:
For example: if you want to reach the remote network 192.168.5.0/24, and you have 2 links to that network where the addresses of the next hops to reach it are 192.168.6.1 and 192.168.7.1, you would add host objects consisting of those two addresses into the Availability Group host list.
Next, configure a static gateway route where the destination gateway address is the Availability Group:
Finally, activate the static route. Your UTM will now have a route to the specified remote network, via the interface connected to the first gateway on the list in your Availability Group. If that gateway is no longer reachable, but the next one is, the route will automatically switch over to the interface associated with the next gateway. If the first gateway on the list becomes reachable again, the route will switch back to utilize the first interface.
The amount of time it takes for the UTM to switch the route from one link to the next if the first one fails is controlled by the Interval setting in the Availability Group > Advanced section. If you set the interval to 15, then the UTM will attempt to contact the first host on the list every 15 seconds. If that host does not respond in the time period specified under Timeout, the UTM will then attempt to contact the next host on the list, and so on.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.