
Setting up second wan connection.

I live in a remote area in broadband terms. The service we now enjoy is beamed from the next hill and acceptable but we have no fall back connection. I do however have an ADSL copper connection which is available from a different ISP. This has a much lower bandwidth but would be available as a fallback option should the wireless link fail. Is there a wiki which would get me started with setting this up please? I am using an SG135 UTM.

I searched for a guide but didn't find what I needed.

Grateful for any pointers please.

Budge



This thread was automatically locked due to age.
  • It's easier than you expect:

    1. Connect to an unused NIC.
    2. Configure an interface with a default gateway on the NIC.
    3. Make a Multipath rule like 'Any -> Any -> Any : bind to original interface'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bib,

    Found this answer and am working on it now. Before I make a mess of things please could you clarify what you mean by "unused NIC"?

    Could mean several things to me.

  • Mis-typed, that was Bob.  Sorry.

    "Unused" was indeed the wrong adjective, Alastair. I meant "connect the ISP's device to an available NIC." When you do that and the Interface has a default gateway, WebAdmin automatically activates Uplink Balancing. Starting a few years ago, WebAdmin also automatically modifies existing masquerading rules from '--> External' to '--> Uplink Interfaces'.

    I prefer using Multipath rules to weighting because the rules are instantly visible.

    Cheers - Bob
    PS "Bib" reminded me of my girlfriend when I was 17.  When I gave her a birthday card, I realized when I got to her home that I'd spelled her name with nn instead of one n, so I crossed out the second one before ringing her doorbell.  She was gracious at the time, but had a surprise for me when my birthday came around after I'd started going steady with another girl.  She spelled my name "Boob" on the birthday card and crossed out the second o.  That was sooo cool!

     
  • Hi Bob,

    Thanks for the smiles. What I am not sure about is the term NIC. I assume you mean one of the ports on the UTM. Is that correct? My problem is that at present all UTM ports are occupied. I shall have to see what I can change to free up a port.

  • NIC = Network Interface Card = Ethernet port.

    All ports are occupied before you can connect the second WAN connection?

    Cheers - Bob

     
  • Hi Bob, sorry to be thick but my problem is not what we understand by NIC but that none are local to my secondary router.  I should explain my UTM is in a rack with a managed switch and patch panel for company.  All 5 available ports on the UTM are occupied by patch connections either to the adjacent managed switch or other managed switches, more remote and using trunk connections and vlans.  All the servers and workstations and thus NICs are remote. 

    From your initial reply I thought you were referring to one of the interface ports in the UTM. Clearly not. All the machines are on static IPs on their respective subnets but I shall have to make some changes to get a copper connection from the secondary router to a NIC. Would it not be simpler to plug into the adjacent switch, which has all the subnets available on the switch and I believe has a spare interface? If I do this, does it matter which subnet I use? All the subnets connect through to the UTM so I assume the UTM will sort out the routing.

    I cannot recall the details of my secondary internet connection but I believe I have a fixed IP connection from my ISP to the router and there is also a basic firewall device which addresses DHCP.  I believe the NAT is done by the router but will check. The basic firewall may cause problems so I shall need to check with my ISP if I can bypass the firewall and go straight to the router.

    I suspect I am making too hard work of this but this is a live business system and I cannot afford to have things going wrong.      

  • Does the following give you an idea, Alastair?  If the ISP's connection terminates in a switch that is already connected to the UTM, have it route the traffic to a VLAN and define a VLAN interface on the UTM NIC that's connected.

    Cheers - Bob

     
  • OK that sounds like a plan and sorry I have been so difficult. 

    The way I have my switches configured, all the subnets and dhcp are defined on the UTM and connect to access points on the switches.  I do not bring the vlan tagged traffic into the UTM as all tags are stripped at the access point from the switch as a preference till now. 

    I can create a Vlan on the switch and access port for it but this is where my understanding runs out.  If I use an existing vlan, for example vlan 500, the access point on the switch connecting to UTM connection to port 5 serves subnet with a particular IP range from dhcp on UTM.  Do I need to configure the secondary router for this particular subnet or just leave it floating? 

  • I can't even guess, so that's a question for the people that sold you the switch.

    Cheers - Bob

     