Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 37 subscribers
  • Views 14990 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DSCP on WAN to LAN

lferrara

Hi All,

DSCP, Primary and Backup Gateway can be configured on network rule while it cannot be configured on Business Application Rule.

What I am trying to achieve is to publish a web server on 2 Public IPs. If the first internet connection goes down, the requests goes to second connection.

Using BAR, you can configure IP list but the algorithm used is Load Balancing rather than Failover. Is it possible to force this configuration?

Maybe an improvements in later versions?

I can use WAN LInk manager and configure the second WAN as backup, but for rules where DSCP is used, if I set the second wan as the first gateway, the rule will always choose the Primary WAN, or not?

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Greetings.

    I did some R&D and what I found is, Cyberoam supported DSCP over Virtual hosts. Strangely, I didn't find the option in XG. Hence, DSCP on a Business Application rule is not be possible.

    Request you to raise a Feature Request from here: feature.astaro.com/.../330219-sophos-xg-firewall

    If you are trying to achieve a Fail-over to publish a Web Server on 2 Public IP addresses, then you can configure two separate Business Application Rules for same Web Server.  Next, you can host your domain's A-record on these two IP address and prioritize one of the IP. This can be a useful workaround until a Failover feature is implemented.

    Hope that helps:)

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi,

    Greetings.

    I did some R&D and what I found is, Cyberoam supported DSCP over Virtual hosts. Strangely, I didn't find the option in XG. Hence, DSCP on a Business Application rule is not be possible.

    Request you to raise a Feature Request from here: feature.astaro.com/.../330219-sophos-xg-firewall

    If you are trying to achieve a Fail-over to publish a Web Server on 2 Public IP addresses, then you can configure two separate Business Application Rules for same Web Server.  Next, you can host your domain's A-record on these two IP address and prioritize one of the IP. This can be a useful workaround until a Failover feature is implemented.

    Hope that helps:)

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
Unfiltered HTML