

Backup Internet connection with a 4G Ethernet router

Hello fellow Sophos users,

Happy to have joined this community as this is my first ever post. I just need a little guidance as I'm fairly new to Sophos:

I would like to add a secondary WAN connection (4G) as backup for specific servers that are remotely accessible. We currently have one single LAN with no other subnets or VLANs. I have at my disposal a Huawei 4G wireless router which has 1x Ethernet port (B5328 Model) and since I'm not really familiar enough with Sophos UTM, I would like to get some guidance on how to set this up. What I want to know is the type of interface for the 4G router, which will be connected via Ethernet on one of the UTM ports, and how to set it up as backup for only those specific servers that I mentioned earlier.

I don't know if I made it clear enough but I'd be happy to elaborate on any of these points if you have any questions.

Regards,

Zak



This thread was automatically locked due to age.
  • Hi Zak,

    Welcome to the Sophos Community!

    Define an interface as Ethernet Type and connect the 4G router to it physically. You will find more information here: How to define a network interface. Now you need to either define a static IP address within the subnet of the router's IP address and set the Gateway address as the router's IP address OR select the option of Dynamic IPv4, if the router acts as a DHCP server. Save the configuration and then define a multipath rule for the servers. Add the 4G WAN interface as a standby interface in uplink balancing.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Salut Zak and welcome to the UTM Community!

    It's rare that I disagree with Sachin, but I always prefer to leave the backup interface in 'Active' instead of 'Standby' as failover is instantaneous.  Then again, if you're paying by the MB of traffic, 'Standby' might be a better choice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello again and thank you guys for the replies.

     

    After giving it some thought, I've come to the conclusion that putting both interfaces in 'Active' might actually be the way to go. I will give it a try.

     

    Thanks again!

    Zak

  • Hello again, 

    I did every step from Sachin's reply but it's not really working, just moved the 4G interface from 'Standby' to 'Active':

     

    - Created the secondary WAN interface (Ethernet, Dyn.IPv4 and IPv4 Default GW ticked) and added it in 'Active' in the Uplink Balancing tab.

    - Created the multi-path rule for the servers so that only they can use the 4G Interface:

    Source: MyServers_Group (it's a network group with multiple servers)

    Services: Any

    Destination: Any

    Itf. Persistence: By Interface and specified my 4G WAN Interface

     

    Now what's happening is my whole LAN is using both interfaces to go out and I'm getting some crazy numbers in my dashboard, which is not really my purpose here. There must be some additional config to do? Maybe a NAT thing or Policy Route?

     

    Regards, 

    Zak

  • In this scenario, your top Multipath rule must be one that binds 'Any -> Any -> Any' to the other interface.  That rule would not be necessary if your backup interface were not in 'Active'.

    In either case, if nothing other than the servers should use the backup connection, you need to have at the bottom of the list another multipath rule like the first except that you must de-select 'Skip rule on interface error' in 'Advanced'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
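
A simplified model of the rule ordering described in the reply above, added here as an example and not taken from the thread or from Sophos. It assumes multipath rules are evaluated top-down with the first match winning, that 'Skip rule on interface error' passes a rule over when its interface is down, and that traffic matching no rule is balanced across the active uplinks; it reads "like the first" as a second Any rule bound to the primary interface, and the interface names and `LAN_clients` are hypothetical.

```python
from dataclasses import dataclass

WAN, LTE = "WAN_primary", "WAN_4G"       # hypothetical interface names
SERVERS, CLIENTS = "MyServers_Group", "LAN_clients"  # CLIENTS is hypothetical

@dataclass
class Rule:
    source: str          # "Any" or a network group name
    interface: str       # uplink the rule binds matching traffic to
    skip_on_error: bool  # 'Skip rule on interface error' in 'Advanced'

def route(rules, src_group, up):
    """Pick the uplink for traffic from src_group.

    up is the set of uplinks currently up. Returns an interface name,
    "balanced" (no rule matched, uplink balancing decides) or None
    (traffic stays bound to a dead interface, so no connectivity).
    """
    for rule in rules:
        if rule.source not in ("Any", src_group):
            continue
        if rule.interface in up:
            return rule.interface
        if not rule.skip_on_error:
            return None          # bound to the failed uplink, not re-routed
        # interface down and skipping allowed: try the next matching rule
    if not up:
        return None
    return "balanced" if len(up) > 1 else next(iter(up))

# Only the server rule, both uplinks 'Active' (the setup that misbehaved).
server_rule_only = [Rule(SERVERS, LTE, True)]

# Any->primary on top, server rule in the middle, Any->primary without
# 'Skip rule on interface error' at the bottom.
ordered_rules = [
    Rule("Any", WAN, True),
    Rule(SERVERS, LTE, True),
    Rule("Any", WAN, False),
]

def outcomes(rules):
    """Map (source group, primary up?) to the chosen uplink."""
    return {(src, primary_up): route(rules, src, {WAN, LTE} if primary_up else {LTE})
            for src in (SERVERS, CLIENTS) for primary_up in (True, False)}

if __name__ == "__main__":
    for name, rules in (("server rule only", server_rule_only),
                        ("ordered rules", ordered_rules)):
        print(name, outcomes(rules))
```
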
  • Hi Bob,

    It is the rarest when I don't agree with you too :) but the Servers are on the same LAN. Having a multipath rule with ANY to ANY will also include traffic from the Server IP address and send it through the other WAN interface. I think he should have the ANY rule placed on the bottom and a TOP rule: Server_IP_Group > ANY > ANY from 4G gateway?

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Yes, Sachin, but he wanted the servers to only use the 4g connection if the primary connection was down and for the other devices to lose connectivity in that case.  I only realized that when I read that he was having a problem using the Multipath approach.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have to say that I agree. I just realized the gap. 

    Thanks for directing me to the right direction yet again :)

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • That worked out perfectly, thank you guys so much! 

  • Hello, back again with an additional question; 

     

    Is there any way I could bind VPN users' traffic to the 4G WAN interface?

     

    Thanks,

    Zak