Got a 2nd WAN - how to migrate to uplink balancing without user interaction

Hallo Stephan,

On the 'Settings' tab of SSL VPN, you can specify the "Any" network object as the 'Interface address'.  There are specialized DNS services that offer a not-free service as you ask.  Just adding a second A record for the FQDN will probably be good enough for this purpose, and that should be free.

Cheers - Bob
PS Moving this thread to the VPN forum.

Hi,

thank you for your answer.

Is there no interruption for any service if i activate Uplink balancing? Or do i want to do this off hours?

Best regards

Stephan 

The default balancing is "by Connection," so established connections should not be interrupted, Stephan.

Cheers - Bob

Hi,

i now activated uplink balancing.

But back to my question of remote ssl. I cannot take the "uplink interfaces" group to the listening interface address

So can i only choose one ssl vpn listening interface?

That's why I said that you must use the "Any" network object, Stephan - otherwise, it must be a single "(Address)" object.

Cheers - Bob

Sorry. I forgot. 

But will it break the User Portal as it listens on the same 443 port? 

Two totally different connections, Stephan, and the UTM knows how to differentiate.

Cheers - Bob

I will try the configuration. But there are several "ideas" here where it conflicts with NAT and/or WAF. So this is another thing i want to do out of office hours.

https://ideas.sophos.com/forums/17359-sg-utm/search?filter=hot&oauth_consumer_key=DRfxHKLCir1RCZbSH0fo5g&oauth_signature_method=HMAC-SHA1&page=2&query=SSL+VPN+Remote+uplink+balancing

Take a look at #2 in Rulz, Stephan.  Also see Doug Foster's READ ME FIRST: UTM Architecture.

Cheers - Bob

Hi Bob,

i just got the time to test it:

And it is not working. I have to use a service that acts as load balancer to achieve a smooth migration. But there is no automatic failover if one internet connection does not work.

Best regards

Stephan