
UTM, Uplink balancing, VPN and DNS

I have two interfaces on my UTM accessing the internet. Primary interface 192.168.88.1 and secondary, slower 192.168.178.1. Second one is deactivated because when I activate it, the UTM will direct all traffic through the second one, which is significantly slower and only meant as fallback. Also when both are activated, VPN connections become very unstable.

Having the second one deactivated, and no matter what I enter under DNS forwarding, the tab tells me current DNS server is 192.168.178.1. Also my VPN log will name 192.168.178.1 as DNS server. This should obviously not be and I am at a loss as to what I can do.

 

Any help is appreciated. Thank you so much.



This thread was automatically locked due to age.
  • You should configure both external interfaces with a default gateway.

    Thereby you get "uplink balancing" activated automatically.

    You may configure the second (slower) interface as standby interface. So it gets active only if primary fails.

    Other option (I prefer this) is to configure both as active interfaces and configure the interface scheduler (wrench) with 0 for the slow interface.

    So all traffic uses the fast interface but incoming connections (VPN/WAF/...) are possible at the "slow" too.

     

    I think you have misunderstood the topic "DNS settings". Explanation follows ...

     

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • "Network Services -> DNS -> Forwarding" means that the SG forwards the respective request to the configured servers and then delivers it as if it were its own. The questioner does not get "please go to the DNS server back there" from the SG.

    "the tab tells me current DNS server is 192.168.178.1"
    Which tab? The DNS tab from your client?

    The information to clients which servers to use is usually transmitted in the DHCP response.

    Which DNS server is to be used for VPN connections can be found under "remote access / advanced"

     

    Check DNS Best Practice from Bob too.

    community.sophos.com/.../109152


    Dirk


  • Hallo Lennard and welcome to the UTM Community!

    Dirk got you pointed in the right direction.  I also like having both interfaces in Active.  You also could use a Multipath rule to send all traffic through the faster interface when it's functional and through the slower when the faster is down.  Depending on the configuration, the weighting suggested by Dirk can be a better choice.  You'll want to try both approaches to see which works better with your setup.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA