Setting up second wan connection.

I live in a remote area in broadband terms.  The service we now enjoy is beamed from the next hill and acceptable but we have no fallback connection.  I do however have an ADSL copper connection which is available from a different ISP. This has a much lower bandwidth but would be available as a fallback option should the wireless link fail.  Is there a wiki which would get me started with setting this up please?  I am using an SG135 UTM. 

I searched for a guide but didn't find what I needed.

Grateful for any pointers please.

Budge

  • It's easier than you expect:

    1. Connect to an unused NIC.
    2. Configure an interface with a default gateway on the NIC.
    3. Make a Multipath rule like 'Any -> Any -> Any : bind to original interface'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Found this answer and am working on it now.  Before I make a mess of things please could you clarify what you mean by "unused NIC"?

    Could mean several things to me.

  • Hi Bob, I am not having much success here.  The Web Filtering was a surprise as I had no idea it had been set.  I wonder if it came as a result of my setting something else.  

    Can I leave Web Filtering off while I try and sort out my second WAN connection?

    I tried this, as I said earlier, but even with Web Filtering turned off I still had no internet or email access as soon as I turned on the multipath rules and uplink balancing.  What next I ask?  

    With regard to Philipp's advice and your related help I note that if I access the UTM as root it negates any support available from Sophos.  Do I really have to go in using SSH. Surely it shouldn't be necessary for what I am trying to achieve?

  • Yes, it's not advised for people to start mucking around with things at the command line unless it's something known to be acceptable.  Sophos UTM: How to change the outgoing interface for Web Filtering gives more instruction than I did, but it clearly indicates that the command I give above is acceptable.

    How about a picture of your Multipath rules?

    Cheers - Bob

     
  • Hi Bob,

    If I try and set the GW on the second interface it automatically turns on the Uplink Balancing which calls a login popup and stops my WAN connection so I have not included the default GW on the AAISP interface.

    On the multipath rules there is only the one rule.

    I have set an arbitrary IP subnet for the AAISP interface.  I do not have the IP address of the router but can get it in the morning.

    I am having trouble inserting the file so see if it works:-

    file:///home/alastair/Pictures/Pictures.tar.gz

  • For reasons I don't understand I cannot insert my zipped screenshots this time.  I get a message saying the file or url is not allowed to be inserted!

    4667.Pictures.tar.gz

    But this seemed to work.

  • Sorry, Alastair, but I don't have a tool that lets me see those pics.  How about just jpegs or pngs?

    Cheers - Bob

     
  • Hi Bob,

    Ok I think my file was damaged.  Try this.

  • Hello Alastair,

    what makes me wonder here is your remark "it automatically turns on the Uplink Balancing which calls a login popup and stops my WAN connection". What do you mean by "login popup"?
    And, of course, the second GW forces uplink balancing to be enabled, that's by design.

    @Bob: I think we need to fix this "login popup" thing before we can go any further here...

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, Alastair, that helps.  I don't think this will work if the AAISP interface doesn't have a default gateway.

    Agreed, Philipp, that confused me, too...

    Cheers - Bob

     
  • Hi Bob & Philipp,

    Sorry for the long pause.  We have a guest occupying the room and I have to wait until he leaves and I can access the AAISP router.  Hope I will get there this evening and check out the AAISP connection and router settings.  I thought AAISP could access from their end but couldn't.  More fun later!!!

  • OK, I have checked out my other broadband connection with AAISP.  The connection is up and working.  The router lan port is configured as a normal access port with DHCP and default GW and I can connect to it with laptop and browse.  All OK so far.

    On the UTM I have set up a dedicated access port, port 1 on its own subnet with unique IP/25 addresses and it is connected to the AAISP lan port. 

    The problem is when I try and set the default GW for port 1 on the UTM, things go wrong.  As soon as I do this I get the warning that uplink balancing is required and is enabled.  I then get a link error on the AAISP.  

    If I try and connect to a website using a Firefox browser I then get a Warning: Potential Security Risk from Firefox with the message.  See screenshot and note the Network management prompt in the corner.  Unfortunately this also took me off line so I have to back out to be able to send this which may be why the screenshot appeared above!!!

    Grateful for what to try next.

  • That PC needs to have the Proxy CA from the UTM installed on it, Alastair.  You can download that in WebAdmin or via the User Portal.  With a second WAN connection, you want Uplink Balancing enabled.

    Cheers - Bob

     
  • Hi Bob,

    As usual I am finding this hard going.  I was able to select the button on WebAdmin and download the certificate to my laptop.  I was then able to go into Firefox and upload the certificate using settings security pages in Firefox. To be sure I rebooted but sadly when I then enabled the default GW on the AAISP port and the load balancing clicked in, I still could not access a website.   This really shouldn't be this hard.  Where next?

  • "Uplink" balancing is different from "load" balancing.  The latter applies to inbound traffic that's load-balanced between two or more servers.

    Show a few lines from the Web Filtering log where the traffic is blocked.

    Cheers - Bob

     
  • Bob, I mistyped.  I was referring to Uplink balancing.

    I shall gladly share a few lines from the Web Filtering log when I know where to find them and copy them.  All new stuff to me I regret.