This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setting up second wan connection.

I live in a remote area in broadband terms.  The service we now enjoy is beamed from the next hill and acceptable but we have no fall back connection.  I do however have an ADSL copper connection which is available from a different ISP. This has a much lower bandwidth but would be available as a fallback option should the wireless link fail.  Is there a wiki which would get me started with setting this up please.  I am using an SG135 UTM. 

I searched for a guide but didn't find what I needed.

Grateful for any pointers please.

Budge



This thread was automatically locked due to age.
Parents
  • It's easier than you expect:

    1. Connect to an unused NIC.
    2. Configure an interface with a default gateway on the NIC.
    3. Make a Multipath rule like 'Any -> Any -> Any : bind to original interface'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bib,

    Found this answer and am working on it now.  Before I make a mess of things please could you clarify what you mean by "unused NIC"

    Could mean several things to me.

  • Hi Alastair,

    In Web Filtering you can configure different Profiles so that traffic for different groups or internal LANs can be handled differently.  In order for WebAdmin to show the 'Optional interface for outgoing traffic' as suggested by Philipp, you must run the following command as root at the command line:

         cc set http enable_out_interface 1

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, I am not having much success here.  The Web Filtering was a surprise as I had no idea it had been set.  I wonder if it came as a result of my setting something else.  

    Can I leave Web Filtering off while I try and sort out my second WAN connection?

    I tried this, as I said earlier, but even with Web Filtering turned off I still had no internet or email access as soon as I turned on the multipath rules and uplink balancing.  What next I ask?  

    With regard to Philipp's advice and your related help I note that if I access the UTM as root it negates any support available from Sophos.  Do I really have to go in using SSH. Surely it shouldn't be necessary for what I am trying to achieve?

  • Yes, it's not advised for people to start mucking around with things at the command line unless it's something known to be acceptable.  Sophos UTM: How to change the outgoing interface for Web Filtering gives more instruction than I did, but it clearly indicates that the command I give above is acceptable.

    How about a picture of your Multipath rules?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    If I try and set the GW on the second interface it automatically turns on the Uplink Balancing which calls a login popup and stops my WAN connection so I have not included the default GW on the AAISP interface.

    On the multipath rules there is only the one rule.

    I have set an arbitrary IP subnet for the AAISP interface.  I do not have the IP address of the router but can get it in the morning.

    I am having trouble inserting the file so see if it works:-

    file:///home/alastair/Pictures/Pictures.tar.gz

  • For reasons I don't understand I cannot insert my zipped screenshots this time.  I get a message saying the file or url is not allowed to be inserted!4667.Pictures.tar.gz

    But this seemed to work.

  • Sorry, Alastair, but I don't have a tool that lets me see those pics.  How about just jpegs or pngs?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Ok I think my file was damaged.  Try this.

  • Hello Alastair,

    what makes me wonder here is your remark "it automatically turns on the Uplink Balancing which calls a login popup and stops my WAN connection". What do you mean by "login popup"?
    And, of course, the second GW forces uplink balancing to be enabled, that's by design.

    @Bob: I think we need to fix this "login popup" thing before we ca go any further here...

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, Alastair, that helps.  I don't think this will work if the AAISP interface doesn't have a default gateway.

    Agreed, Philipp, that confused me, too...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob & Philipp,

    Sorry for the long pause.  We have guest occupying the room and I have to wait until he leaves and I can access the AAISP router.  Hope will get there this evening and check out the AAISP connection and router settings.  I thought AAISP could access from their end but couldn't.  More fun later!!!

Reply
  • Hi Bob & Philipp,

    Sorry for the long pause.  We have guest occupying the room and I have to wait until he leaves and I can access the AAISP router.  Hope will get there this evening and check out the AAISP connection and router settings.  I thought AAISP could access from their end but couldn't.  More fun later!!!

Children
  • OK, I have checked out my other broadband connection with AAISP.  The connection is up and working.  The router lan port is configured as a normal access port with DHCP and default GW and I can connect to it with laptop and browse.  All OK so far.

    On the UTM I have set up a dedicated access port, port 1 on its own subnet with unique IP/25 addresses and it is connected to the AAISP lan port. 

    The problem is when I try and set the default GW for port 1 on the UTM, things go wrong.  As soon as I do this I get the warning that uplink balancing is required and is enabled.  I then get a link error on the AAISP.  

    If I try and cinnect to a website using a Firefox browser I then get an Warning:Potetntial Security Risk from Firefox with the message.  See screenshot and note the Network management prompt in the corner.  Unfortunately this also took me off line so I have to back out to be able to send this which may be why the screenshot appeared above!!!

    Grateful for what to try next.

  • That PC needs to have the Proxy CA from the UTM installed on it, Alaatair.  You can download that in WebAdmin or via the User Portal.  With a second WAN connection, you want Uplink Balancing enabled.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    As usual I am finding this hard going.  I was able to select the button on WebAdmin and download the certificate to my laptop.  I was then able to go into Firefox an upload the certificate using settings security pages in Firefox. To be sure I rebooted but sadly when I then enabled the default GW on the AAISP port and the load balancing clicked in, I still could not access a website.   This really shouldn't be this hard.  Where next?

  • "Uplink" balancing is different from "load" balancing.  The latter applies to inbound traffic that's load-balanced between two or more servers.

    Show a few lines from the Web Filtering log where the traffic is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob I mistyped.  I was referring to Uplink balancing.

    I shall gladly share a few lines from the Web Filtering log when I know where to find them and copy them.  All new stuff to me I regret. 

  • Hi Bob,

    Had to leave the second connection mid thread while trying to keep business running.  Should have finished it as now I need the fallback connection to work and it doesn't.  Please could I resume on this thread or should I start over. 

    Regards,

    Budge

  • Hi Bob,

    Just wanted to apologise to you for making such a meal of this and to thank you for your help.

    My problems were due to lack of know how on my part and a mis-configured router thanks to ISP.

    With some additional help from Dirk and some time on phone with ISP I now have the basics sorted out and have two WAN connections.  I therefore am closing this thread and thanks again,

    Budge