Dual WAN ports both active, TRACERT only uses one port

I have Port 2 and Port 4 configured as WAN, both active with a weighting of 1.

Both are connected to Comcast BUT separate internet connections, one is from my house, one from next door.

It appears by Speed Testing that both are passing download traffic, upload looks like only one is passing traffic.

If I do a Tracert -d 9.9.9.9 it always goes through the feed at my house; the other house would show a Gateway of 192.168.4.1 in the trace.

With the primary disabled the secondary will pass traffic.

Is this normal?

Thanks,

Peter



  • Hi ,

    When adding a new WAN link, it is active by default and so the default action is to load balance using a weighted round-robin algorithm. If you set both as 1 then it's weighted equally.

    A reason it could be defaulting to your home WAN link could be due to link failover. When you add a gateway, Sophos Firewall adds a default failover rule: If Sophos Firewall can't ping the recently added gateway IP address, the gateway is considered down and traffic is redirected to the other active gateway.

    Source: Configure gateway load balancing and failover

    Karlos
    Community Support Engineer | Sophos Technical Support
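
A simplified model of the behaviour described in the reply above (weighted round-robin across active gateways, with a failed health probe taking a gateway out of rotation), added here as an example; it is not Sophos code and not part of the original thread. The class and function names are hypothetical, and treating each `pick()` as one new connection is an assumption of the model.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str
    weight: int
    up: bool = True    # outcome of the failover rule's last health probe
    current: int = 0   # running score used by smooth weighted round-robin


class WanBalancer:
    """Toy model: weighted round-robin over gateways that passed their probe."""

    def __init__(self, gateways):
        self.gateways = list(gateways)

    def apply_probe(self, name, reachable):
        # Failover rule: a gateway whose probe fails is considered down.
        for gw in self.gateways:
            if gw.name == name:
                gw.up = reachable
                gw.current = 0  # restart its score when its state changes

    def pick(self):
        # Only gateways currently marked up take part in the rotation.
        active = [g for g in self.gateways if g.up and g.weight > 0]
        if not active:
            return None
        total = sum(g.weight for g in active)
        for g in active:
            g.current += g.weight
        best = max(active, key=lambda g: g.current)
        best.current -= total
        return best.name


def distribution(balancer, n):
    """Count which gateway n consecutive new connections are assigned to."""
    return Counter(balancer.pick() for _ in range(n))


def demo():
    lb = WanBalancer([Gateway("Port2", 1), Gateway("Port4", 1)])
    both_up = distribution(lb, 100)            # equal weights, both healthy
    lb.apply_probe("Port4", reachable=False)   # probe fails: link marked down
    port4_down = distribution(lb, 100)
    lb.apply_probe("Port4", reachable=True)    # probe recovers
    lb.gateways[0].weight = 3                  # constructed 3:1 weighting
    weighted = distribution(lb, 100)
    return both_up, port4_down, weighted
```

In this model, a gateway whose probe keeps failing receives no new connections even though it is configured as active with weight 1, which is the symptom the reply attributes to link failover.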

  • Sorry, that seems to have messed something up, the "Status" button in WAN Link Manager is now red for both gateways, however it is still passing traffic.

    I am trying to link aggregate the 2 ISP inputs to increase bandwidth.

    Both are set to ACTIVE and rules are not checked.

    I was using a Ubiquiti device before to aggregate the 2 feeds, trying to do away with that.

    Thanks,

    Peter

  • Hi Peter, you should keep one of the link failover rules active, just modify it as necessary - it's the way the firewall ensures the links are up and healthy, otherwise it will mark as inactive.

    You can also check dgd.log for status of your gateways, might give you a clue as to why your home link is always defaulting as the only active link.

    Karlos
    Community Support Engineer | Sophos Technical Support
