This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uplink Balancing Standby Interface Link Down

I posted this in another area, but got zero responses....so I will try it here:

Site has two separate ISP's providing Static IP's.  Created second External (WAN) Backup Interface on eth2 (Ethernet, eth2 Intel Corp Avoton, Default GW configured).  Uplink Balancing was turned on by default when a second Default Gateway was configured.  We have the Main "External (WAN)" interface in the Active Interfaces section and the backup "External (WAN) Backup" interface in the Standby Interfaces with Automatic monitoring checked.  Under the Dashboard, the External (WAN) Backup interface on eth2 shows State as "Standby" and Link as "Down"  Have we configured everything correctly?  Why does the Link show as Down?  Our goal is to have the second backup interface kick on if for some reason the main ISP goes down and the failover kicks on for redundancy.  Thanks



This thread was automatically locked due to age.
  • So someone from Sophos moved the thread, but can't respond....WOW
  • Matt, it was probably one of the volunteer mods that moved this here.

    If you truly want this as an instantaneous backup, there are two ways to accomplish that and both require having the backup in 'Active Interfaces':

    1. Using the wrench icon, weight the primary interface 100 and the backup 0.
    2. Make a Multipath rule that binds 'Any -> Any -> Any' traffic to the primary interface.

    If the second connection doesn't have a per GB traffic cost, I would make the weights proportionate to the speeds of the connections and make multipath rules to provide the best throughput.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, you had it configured correctly, if the "backup" interface is set as standby. If the main active interface goes down, it will be detected and then the standby will become active. Otherwise, you can do as Bob has suggested.

    "So someone from Sophos moved the thread, but can't respond....WOW"
    FYI Matt: The Sophos mods here are not engineers and do not have in-depth technical knowledge of the UTM product. Their role is administrative for the forum Community. As with many large technology companies, most employees are not techies (management, marketing, sales, finance, etc.). Just like Astaro.org, the vast majority of the time, you receive technical assistance here from other users, which is the only realistic expectation you should have.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Thank you for the responses, I finally had some time to look at this again.  We only want the "2nd Interface" to be a backup (Backup) interface and only in use if the connection for the main (Active) interface goes down.  But when the main (Active) interface goes down, the Standby Interface is not working.  We have verified our settings under Interfaces & Routing>Interfaces>Interfaces Tab and also have verified connectivity going straight from ISP Modem to laptop set with the the same static information.  What are we missing? 

  • If you make the second interface active, and add the Multipath rule I suggested above, does the interface connect and move traffic if the first interface is disabled?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Is it a knownly bug(???), if you have configured a standby interface by the "native standby configuration" (WAN1 as active interface and WAN2 as standby) that the interface sometimes goes "down" shown in interfaces and will not come up; here it is a little bit stranger...I have an active-passive cluster and the interface on the slave firewall is always shown as "down" indicated on LEDs, on master it was shown as "up"...after a reboot and switch from master to slave both interfaces were down and did not come up again.

    this failure I had long time before I used an active-passive cluster that the standby wan interface were gone down after few days, then I had to press the "renew ip adress" button in gui and it came up again for several days until the same error ocured again.

     

    now I received the same error after reboot master like described below; then I tried the way to set both as active interfaces with balancing 100:0 (this should use the 0-interface (wan2 standby) only if the primary 100-interface goes down.

    and to monitor both interfaces as acurate as possible I added for each one a separate host object with google public dns ip (8.8.8.8) bound on the specific wan interface.

     

     

    BAlfson said:

    If you make the second interface active, and add the Multipath rule I suggested above, does the interface connect and move traffic if the first interface is disabled?

    Cheers - Bob