Got a 2nd WAN - how to migrate to uplink balancing without user interaction

Hi everyone,

Setting up uplink balancing seems to be very easy. But I have questions about how to change the interfaces for SSL VPN Remote without user problems.

I would set up the new interface and add it to the uplink balancing.

But how do I change the SSL VPN remote interface without the user noticing? Can I set the interface group as the SSL VPN remote interface so that the firewall listens on both addresses? So that I can change the DNS entry for the fw remote endpoint without any problems?

Is there a load balancer service on the internet (EU preferred) where I can add both IP addresses with priority?

Best regards

Stephan



  • Hallo Stephan,

    On the 'Settings' tab of SSL VPN, you can specify the "Any" network object as the 'Interface address'.  There are specialized DNS services that offer a not-free service as you ask.  Just adding a second A record for the FQDN will probably be good enough for this purpose, and that should be free.

    Cheers - Bob
    PS Moving this thread to the VPN forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    thank you for your answer.

    Is there no interruption for any service if I activate Uplink balancing? Or do I want to do this off hours?

    Best regards

    Stephan 

  • The default balancing is "by Connection," so established connections should not be interrupted, Stephan.

    Cheers - Bob

     
  • Hi,

     

    I now activated uplink balancing.

    But back to my question of remote SSL. I cannot use the "uplink interfaces" group as the listening interface address.

    So can I only choose one SSL VPN listening interface?

  • That's why I said that you must use the "Any" network object, Stephan - otherwise, it must be a single "(Address)" object.

    Cheers - Bob

     
  • Sorry. I forgot. 

    But will it break the User Portal as it listens on the same 443 port? 

  • Two totally different connections, Stephan, and the UTM knows how to differentiate.

    Cheers - Bob

     