This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dual ISPs configured in load balancing, SSL VPN and user portal goes down.

We have 2 ISPs that are configured with 100% for both in load balancing. The one at the top of the list is primary right. So it seems that the router reconfigures the load every so often and when the second ISP is primary the user portal and vpn become unreachable. We have tried multipath rules and a round robin in our dns server. Both portal and vpn work well with the primary isp but as soons as we enable both in load balancing several hours later they quit. What settings are we missing?



This thread was automatically locked due to age.
Parents
  •  I am unsure which settings you want picts. of but I have included a few. The reason I think it is a Sophos setting is because if I use the IP address of the second ISP instead of the domain name I can access both VPN and the user portal. It seems that somehow they are tied to the primary ISP address. 

  • Uplink Balancing only affects outbound requests, Dave, not outbound responses nor inbound requests.

    I'm confused.  Do you have a router in front of the UTM that's doing load balancing?  If it's switching primary between the two ISPs, how does it update DNS?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry I haven't been more clear. We do not having anything in front our Sophos UTMs. Traffic goes thru them first right after the modems from our providers and then onto the router . The reason I think something is happening in the Sophos is because the Cox IP becomes unreachable for the VPN and I can use the Windstream IP to reach the VPN if I put it in manually and then later it switches and becomes reachable again. Any insights you have will be appreciated.

    Thanks,

    Dave

  • What is the purpose of the round-robin in your DNS server, Dave?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • In trying to troubleshoot I thought that the new IP could point to the domain name of the Sophos but it did not help.

Reply Children
No Data