Changing Public IP addresses

We are using the UTM on a public IP address block of 4 addresses.
These IP addresses are assigned to 1 interface (I call it interface1 for now); 1 address is the default interface address and the others are additional addresses.
This interface also contains the default gateway.
In the definitions, the Internet IPv4 entry is connected to this interface.
In the NAT masquerading rules, the default IP address of the interface is defined as the masquerade address.

Our ISP informed us that the IP addresses are going to change. The new addresses are assigned to the connection already.
The change must be done before April 30, when the "old" addresses will be disabled.

For the change I created a new interface (I call it interface2 for now) with the new IP addresses (1 interface address and the others as additional).
As soon as I defined the default gateway on this interface, the UTM notified me that multiple default gateways may not be defined and that the config will automatically enable uplink balancing.
After this everything worked fine.

My thought was maybe too easy.
Disabling interface1 must do the final step.

Unfortunately, it is impossible to disable or remove an interface which is part of the uplink balancing.
So I removed the default gateway from interface1; the uplink balancing is disabled now and all settings (masquerade address and Internet IPv4 definition) are set to interface2.

However, I'm unable to connect to the internet right now.

When I return the default gateway to interface1 everything seems to work again.

Can somebody tell me what's wrong in my config?



  • The interfaces are physically separate interfaces?
    The configuration of the interfaces is the same? (ip/mask/pppoe/vlan/mtu)

  • UTM does not like (or does not allow, I forget which) to have the default gateway configured on multiple interfaces, even if one of them is disabled.   You should (a) be on an interface that will not be affected by the change, (b) remove the gateway address and un-check the default gateway box from the old interface, then (c) add the default gateway and check the box on the new interface.

    I don't think you can remove the gateway IP from the old interface unless it is enabled at the time.

  • Incorrect

    Even with a WAN interface you can uncheck the "Default Gateway", and without turning it down.

  • Hi Peter,

    Configure both interfaces with the suitable gateway address. Then switch the masquerading rules from the static interface to uplink interfaces. By default the traffic is load balanced. If one interface doesn't reach the suitable gateway, all traffic is passed to the working interface / gateway. Uplink monitoring monitors the two connections and does the job for you.

    Additionally, you can create a multipath rule with persistence by interface and skip rule on interface error (advanced tab). All traffic then goes over the defined interface as long as the interface is up and the gateway is reachable.

    Regards

    mod

  • Hoj Peter,

    Rather than help you with the solution you've chosen, I will recommend another.  Leave everything in place without adding any new interface.  When the time comes to change to the new IPs, simply change them on the current interface.  This avoids having to play with masq, firewall, etc. rules - much simpler than the path you're on now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi mod,

    Your answer was my way of thinking and I'm glad of it.

    However, it doesn't work; the additional interface did not come alive.

    When I asked my ISP I found the reason why.

    They told me that for a couple of weeks both sets of IP addresses are available on the line.
    However, they didn't tell me the new set of IP addresses was tagged with a VLAN.

    So I'm glad I didn't wait and change everything, as Bob suggested, to finally find out it didn't work.

    Now I have the challenge to work this out.

    I transport the internet connection from the ISP connection point through our network to the server room.
    I created one (internet connection) VLAN for this.
    Now I got on the same internet connection two sets of IP addresses, of which the new set of addresses is VLAN-tagged.
    I'm wondering how I get this set on my own network in the right way.
    So I got in the server room one access port with the "old" IP addresses and one access port with the new IP addresses with the right VLAN tag.

    Anyone a suggestion?

  • I found the solution.

    It wasn't me or the UTM which was the error.

    My ISP told me the wrong VLAN tag, so the new VLAN wasn't coming through the firewall at all.

    After adding the right VLAN tag both interfaces work fine in load balancing.

    Now I can create the next steps to fulfill the change.