This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit webserver to one uplink when uplink balancing

We have 2 uplinks. One is a fiber connection (static IP) the other is a cable modem connection (non static IP). I have uplink balancing enabled, which works great. The issue is the webserver initiates connections to outside resources. Sometimes things are not working like they should and when I turn off the cable modem connection we never have any issues. I suspect there are times where the server is initiating the connection to the outside resources from the cable modem uplink and it is getting rejected. Is there a way to have uplink balancing but force a webserver to only utilize one of the uplinks?



This thread was automatically locked due to age.
Parents
  • Hi, Jonathan, and welcome to the UTM Community!

    Yes, the answer is a Multipath rule.  The default balancing is "by connection" so you may want to activate the "Example HTTP" rule in general instead of binding the traffic from the server to one interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't see how enabling the example HTTP rule would help.  Any-> websurfing ->any-> uplink interfaces.   Will still allow the webserver to send traffic across the Fiber or the cable modem connection.  Or am I missing something.

    I tried to create a multipath rule, of webserver, ->any->any-> but the only option is uplink interfaces. I cant select the interface I want.

  • Oh, I just noticed I can create a new group and only put the fiber connection in the group.. Would that work?

  • "Or am I missing something."  Although it's possible that you have a different problem, it's likely that the issue is caused by the default.

    "... the only option is uplink interfaces."  Once you select "Itf. persistence: By interface', you will be able to make the choice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • "Or am I missing something."  Although it's possible that you have a different problem, it's likely that the issue is caused by the default.

    "... the only option is uplink interfaces."  Once you select "Itf. persistence: By interface', you will be able to make the choice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data