This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multipath rules not working as expected

 Hello community, 

 

I have two WANs setup this way:

All users are on one signle subnet, including some servers. Now these server hosts are included in a Network group "Servers" that i created. 

I have Two multipath rules set-up this way (both by "Interface Persistence"):

- The First one specifies that the "Servers" group uses the secondary WAN to get out, and i have the "Skip rule on interface error" option checked for WAN failover.

- The second rule is for the rest of the users which specifies for them to ONLY use the primary WAN with no failover, so i have the "Skip rule on interface error" unchecked.

 

Whenever i unplug the secondary WAN, the "Servers" group switches automatically to using the primary WAN as expected but, when i turn off the primary WAN all the users skip to using the secondary WAN even though i unchecked the "Skip rule on interface error" option. i don't know what am i exactly missing here. Any suggestions?

 

Thanks!



This thread was automatically locked due to age.
Parents Reply Children
  • Try this for the transparent proxy profile
    https://community.sophos.com/kb/en-us/126892

    Best Regards
    DKKDG

  • I will look into it. Thank you.

  • That didn't solve the issue. Users still switch to the secondary WAN whenever the first one is down..

  • Please show pictures of the Edits of your Multipath rule and of the 'Allowed Networks' for the both the default and additional Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, sorry for the delayed response. 

    Here's my edits on my multi path rules: 

    - 1st Rule: Servers group go out using the "SLC" WAN and i have the "Skip rule..." option checked for failover.

    -2nd Rule: This one is for the rest of the users which are bound to the primary WAN "External", no "Skip rule ..." check for them which is supposed to mean no failover.

     

     - Default profile:

     

    - Additional profile:

     

     

    I don't understand though what does filtering options have to do with the fact that failover is still happening for my users even though the "Skip rule.." option in unchecked. I'm thinking maybe some kind of conflict between the "Internal" interface and the "Servers" group as the latter is technically included in the former.

     

    Best Regards;

  • If you had followed the KB article that DKKDG linked to above, you would have had an additional selection in your Profiles:

    When you do that, do things work like you want?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, thank you for your response. 

     

    I will try that again and get back to you as soon as i can.

  • Hello, 

    It still does not work as i want after doing what you proposed. Users are still switching to the secondary WAN whenever the first one is down. 

     

    Thank you for your patience,

    Kind regards,

    Zak.

  • If you want to continue to pursue this here, Zak, please show pictures of the Edits of the current Web Filtering Profiles.  Also, show a line or two from the Web Filtering log file where traffic from non-servers was handled after "External (WAN)" was disabled.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello, thank you for the response. 

     

    I just noticed that whenever web filtering is disabled and "External (WAN)" goes down, users does not switch to the secondary WAN. They do as soon as enable back web filtering. Does this mean that the issue resides in my web filtering profiles/policies? 

     

    I will be posting details of my profiles and log file as soon as possible.