This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Easiest / Best way to track traffic to make sure it is flowing as needed through the correct WAN, in particular for a RED attached to that WAN?

Hello all,

Is there an easy way to ensure that traffic/routing rules are working through the correct WAN network, in particular when involving a RED device? Doing a tracert from an internal client to a server behind a RED will only show the two hops: UTM internal IP ==> RED internal IP (as it should) so that is out of the question.

I've setup some new multipath rules and changed one of our RED's UTM Host IP to our WAN2 IP and now more traffic appears to be going through WAN 2, than it should. This is the only RED assigned to that WAN.  If I do a "what's my IP" from my own desktop it even shows as the WAN 2 IP, when it should show WAN 1's IP.

If I set WAN 2 as Standby in Uplink Balancing does that prevent/disable any rules from using WAN 2?

Is there a "traffic" log for each RED?

Multipath:

RED Config



This thread was automatically locked due to age.
Parents
  • Several things, Dave, that you probably know, but, just in case:

    1. All traffic with a RED goes in and out through the interface IP specified in UTM Hostname.  In Failover, only if the RED is unable to reach the first one will it "call" the second one.
    2. In the above, since there is nothing specified in '2nd UTM Hostname', the 2nd ISP will never be used.
    3. Multipath rules only apply to outbound traffic and can have no effect on inbound traffic which is handled by conntrack, the Connection Tracker.
    4. If you put an interface into 'Standby' in Uplink Balancing, it will only be activated when all 'Active Interfaces' are unable to reach the 'Automatic' or 'Monitoring hosts'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Several things, Dave, that you probably know, but, just in case:

    1. All traffic with a RED goes in and out through the interface IP specified in UTM Hostname.  In Failover, only if the RED is unable to reach the first one will it "call" the second one.
    2. In the above, since there is nothing specified in '2nd UTM Hostname', the 2nd ISP will never be used.
    3. Multipath rules only apply to outbound traffic and can have no effect on inbound traffic which is handled by conntrack, the Connection Tracker.
    4. If you put an interface into 'Standby' in Uplink Balancing, it will only be activated when all 'Active Interfaces' are unable to reach the 'Automatic' or 'Monitoring hosts'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data