

Different rules per interface under WAN zone?

Hello Guys,

 

So we have 3 WAN interfaces connected to our Sophos.
These WANs are really different in their performance (download/upload speed) and even BW limitations.

*These are satellite links.

Anyway, I'm trying to set rules depending on the outgoing interface, but all I can do is "zone", which includes all of the 3.

I want, for example - if only the "slow" WAN is available - I need to limit/block lots of things.
On the other side, if the "fast" WAN is available - most of the traffic will be allowed.

But as it seems, I can choose "WAN" as outgoing zone - so I cannot differentiate between each interface.

The only option for me is to use 3 separate zones, and avoid using the WAN zone?

 

Thank you. 



  • Thanks again Luk.

    So if I must apply these only per service - and in the WAN zone I cannot do separation between interfaces..

    What if I work with 3 "LAN" zones that will act as WAN?

    So I can do rules like:

    Lan --> "WAN1"  accept HTTPS + traffic shaping X
    Lan --> "WAN2"  accept HTTPS + traffic shaping Y
    Lan --> "WAN3" accept HTTPS no traffic shaping.

     

    Notice that these "WANS" zones are actually configured as "LAN" zones, but they will be connected to my routers.
    So when I'm on "WAN1" I have some type of traffic shaping for HTTP,
    but when I'm on "WAN2" I have a different type of traffic shaping (or nothing at all if I wish).

    I will have to configure NAT and probably gateways manually, I guess?
    Anything else I "lose" if I choose to not use the WAN zone and just connect each router to a different LAN zone?