This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNMP Traps, SMTP and SYSLOG all sending from incorrect interface.

Came across a interesting issue when specifying the outbound interface to internal network for SNMP Traps, SMTP and SYSLOG they would still come out over the external interface. Searched for hours on the forums without much luck.

This was seemingly caused by the fact we use Uplink Balancing.

To resolve this issue, simply create Multipath rules for the affected services to force them out the correct interface.

 

I hope this helps any others facing the same issue.



This thread was automatically locked due to age.
Parents
  • Hi Oliver and welcome to the UTM Community!

    This isn't something I've heard of before.  Does your internal interface have a default gateway?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Oliver and welcome to the UTM Community!

    This isn't something I've heard of before.  Does your internal interface have a default gateway?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Good morning Bob,

     

    Yes, I can confirm the internal interface has a default gateway configured. It was a really strange issue and affected multiple services. With SNMP traps,  I set the outbound interface to internal but even with that setting in place it was going out the external interface, I was left scratching my head for days but I assume there is a overriding setting somewhere else that was forcing the use of the external interface. Fortunately, configuring a multipath route Ext1 →  SNMP-Traps  →  Internal Server Name → Internal resolved the issue, We have also configured multipath routes for SYSLOG and SMTP for the same purpose.

     

    Regard,

    Oliver

  • If, instead of being at the edge of your network, this device is behind an edge router, I would expect that only the External interface would have a default gateway.  If at the edge, the same would be true.  Why does your internal interface need a default gateway?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We have included this for BCP purposes, if both external links go down, it will route traffic back through the internal interface and out a DIA link.

  • Perfect!  When someone is new here, it's difficult to gage their level of sophistication - sorry I doubted you, Oliver!  And thanks for adding a thread that describes a solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA