This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MP rules and MASQ over a group of ISP

i'm having a bit of an "odd" issue i didn't paricularly enocunter before.

customer has ISP A, B and C

all 3 are configured as active interfaces.

customer wants that a certain network(wifi) only goes out through ISB B with failover to C.

 

Ok, that's easy... so i did two MP rules with all traffic from that network going through ISP B, with skip rule on error and below it another but through ISP C.

So far so good.

So i created two masq rules, one for each ISP from that network.... and traffic stopped working.

so how can i make this?, or do i simply leave the "uplink primary address" as object in the masq for that network?



This thread was automatically locked due to age.
  • I don't understand why you wouldn't just have a single Masq rule like 'WiFi (Network) -> Uplink Interfaces' using the "uplink primary address" object.

    However, if the Masq rule for ISP B was above the one for ISP C, it seems like that would work, too.  Interesting that it doesn't!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • ¿the thing i'm worried about is that how does the system determine the "uplink primary"?.

     

    what if the primary address is not one of the interfaces i want this network to masq from?(i.e.: system primary is A, but this network goes out only through B or C)

  • The configuration in WebAdmin will be correctly understood by the configuration daemon, and it will write the appropriate iptables rules to send traffic masq'd with the correct address.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA