Advice on Configuring NAT Masquerading with ISP Failover

Question

Hi all, I have two ISPs in my Sophos UTM 9: a primary and a secondary line. Currently, I&rsquo;ve set up masquerading for the primary line using the external interface, which was straightforward. Now, I&rsquo;d like to configure masquerading for the secondary line in case the primary one goes down. My concern is that configuring masquerading for the secondary line might interfere with the current setup, potentially causing service disruption. I'd appreciate your advice. Ultimately, my question is: if I create two NAT masquerading rules, one for the primary and one for the secondary, will Sophos automatically choose the masquerading rule for the active line? 
 Mauro

Raphael Alganes · Answer

Hello Mauro, 
 Masq NAT rules have positioning/precedence, so a second or so forth masq rule/s would not interfere with the "Top", so if in any case, the top doesn't have a match, it would just simply go over the next one in the positioning. 
 https://docs.sophos.com/nsg/sophos-utm/utm/9.706/help/en-us/Content/utm/utmAdminGuide/NetProtNATMasquerading.htm 
 Hope this helps. Thank you for choosing Sophos. 
 Regards,

Advice on Configuring NAT Masquerading with ISP Failover

Top Replies