
Got a 2nd WAN - how to migrate to uplink balancing without user interaction

Hi everyone,

Setting up uplink balancing seems to be very easy. But I have questions about how to change the interfaces for SSL VPN Remote without user problems.

I would set up the new interface and add it to the uplink balancing.

But how do I change the SSL VPN remote interface without the user noticing? Can I set the interface group as the SSL VPN remote interface so that the firewall listens on both addresses? So that I can change the DNS entry for the fw remote endpoint without any problems?

Is there a load balancer service on the internet (EU preferred) where I can add both IP addresses with priority?

 

Best regards

Stephan



This thread was automatically locked due to age.
  • When I configure a client initially, I change the protocol to UDP to avoid future conflicts and to accelerate the tunnel.  If you were to do that now, you would need to change line 4 in all users' config files to proto udp from proto tcp.  Either that or send each an update which you can download from the 'Users' tab of 'Users & Groups'.

    I agree that the easiest would be to use the DNS failover service for now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

    Thanks for your answer.

    Do you know a good one? 

    Or am I searching for load balancing? 

    I would think it works like this: I set up DNS failover with IP 1.1.1.1 and specify my old and new SSL endpoint there.

    Then I change the DNS entry to 1.1.1.1. The DNS failover will then decide where to route the traffic (port 443 reachable on this IP).
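
An added example, not part of the original posts: a sketch of the priority-based health check a DNS failover service performs, probing TCP port 443 on each WAN address and publishing the highest-priority address that answers. The addresses are constructed documentation-range values, the class and function names are hypothetical, and the TCP probe only reflects VPN availability while the SSL VPN listens on TCP; clients follow a change only after the cached DNS record's TTL expires.

```python
import socket

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def pick_endpoint(endpoints, probe=tcp_reachable):
    """endpoints: list of (priority, host, port); lowest number wins.
    Returns (host, port) of the first endpoint passing the probe, or None."""
    for _prio, host, port in sorted(endpoints):
        if probe(host, port):
            return host, port
    return None

class FailoverRecord:
    """Tracks which address the VPN hostname should currently resolve to."""

    def __init__(self, endpoints, probe=tcp_reachable):
        self.endpoints = endpoints
        self.probe = probe
        self.current = None

    def refresh(self):
        """Run one health-check round; return (address, changed)."""
        best = pick_endpoint(self.endpoints, self.probe)
        # If every uplink fails the probe, keep the last published answer
        # instead of withdrawing the record.
        new = best[0] if best else self.current
        changed = new != self.current
        self.current = new
        return new, changed

if __name__ == "__main__":
    # Constructed sample addresses (RFC 5737 documentation ranges).
    wans = [(10, "192.0.2.10", 443), (20, "198.51.100.20", 443)]
    record = FailoverRecord(wans)
    print(record.refresh())
```
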

  • I'm not familiar with DNS failover services in Germany, so you might want to Google for them from there.  A load balancing service would also work if that would be beneficial when both WAN connections are available.

    Cheers - Bob
