2nd WAN - no failover or load balancing

Hi,

Thanks for reaching out to Sophos Community and hope you are well. 

Seems UTM Multipath rules configuration would achieve your use case: https://support.sophos.com/support/s/article/KB-000034635?language=en_US

Hope this helps and thank you for choosing Sophos

Regards,

Thank you.  Can you be more specific?  I looked at that extensively and was not able to create a working configuration.  I am not interested in load balancing or failover - does your recommendation still apply?  Thanks again.

We can use, Itf. Persistence: Interface persistence is a technique which ensures that subsequent connections from a client are always routed over the same uplink interface.

Then we under it we can use: By Interface: Select an interface from the Bind Interface drop-down list. All traffic applying to the rule will be routed over this interface.

and this would achieve the use case above for your future state. 

Future State:

• LAN = 192.168.0.x/24 -> WAN - ISP 1
• DEVICE1 = 192.168.0.130 -> WAN2 - ISP 2

Regards,

If you're still fighting this, please insert pictures of your 'Uplink Balancing' tab and the Edits of any Multipath rules.

Cheers - Bob

Thank to both of you.  This all seems in service of doing load balancing or failover which is not what I want.  Are you saying this is still the place you need to be to configure a 2nd WAN regardless?  This is where I started but it always seemed to be load balancing.  I had assumed I'd be doing more with routing rather than uplinking

Hello,

please show us your screenshots from the "uplink balancing" tab and the edits of your "multipath rules".

In contrast to their name "multipath rules" can be used to force the use of only one interface for special clients or services.

Let us help you getting this solved.

Thank you.  I now have a working configuration using uplink balancing and multipath rules.  I changed the WAN2 weighting (wrench icon in Active Interfaces) to 0 as a solution to stop the load balancing - is that the recommended way?  My multipath rule selects a source host group, service any, and destination Internet IPv4 with an itf persistance = Interface and then selecting my WAN2 link.

It still seems kludgy but maybe I have more to learn.  My inclination was to look at static or policy routing.  Or is this a Sophos specific thing?

Thanks to all for being so helpful.        

It would have been easier and quicker for you to learn if you had started by posting the pictures Philipp and I suggested.  Rather than set the weight to zero, I normally add a Multipath Rule to force the traffic out WAN1 just as I forced the other traffic out WAN2.  That's a more-flexible solution.

Cheers - Bob

Thank you.  I am working to understand the background on this as well.  This (+) Sophos UTM: best practice for uplink balancing and multipath rules - Recommended Reads - UTM Firewall - Sophos Community was helpful and a helped me understand more although i am still not clear why this over static or policy routes and knowing that would fill in a gap.

Nevertheless, I did have it working and after enabling the uplink balancing, all of my existing masquerading rules some of which were for additinal address IPs were retargeted to uplink interfaces so then I went to create a multipath rule with itf persistance interface and none of the additional address IPs are available for selection.

I can go back to my original masquerade rule and change it to the additional address but then I read in the Rulz about the order and it looks like that would come after the multipath rule.  I am not clear on the traffic flow yet.