
Two WAN, 4 VLANs and multi-SSID on AP multi-path issue

I tried to solve this problem last year but unfortunately failed, and customer support said there was no solution.

 

Here is the scenario:

1. Two internet lines: one WAN with a public IP address, and one fiber/DSL with a private IP address.

2. I have two groups in the same office. Unfortunately, the WAN line cannot support the VPN client software on the laptop from Germany, so I ordered an ATT DSL with a separate wireless router for this group.

3. Multi-SSIDs on each AP; I have 4 AP100. Trunk setting on Cisco switches.

4. I want to integrate everything into the UTM9, but 4 VLANs will use the main WAN port (default gateway) for internet, and one VLAN will only use the DSL line for internet.

 

I have tried gateway routing and interface routing, but can't make one VLAN go to the internet through the DSL line (private address 192.168.xx.xx).

I asked technical support to remotely check my settings; they have no clue. Right now I am using Virtual UTM, please help!

 

H



  • How are your masq. rules configured?

    Are they configured as:

    vlan x => Uplink interfaces

    or are they configured as:

    vlan x => External WAN x

    Perhaps you can make a screenshot of your masquerading rules.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • If you have two Interfaces with default gateways, you should use Multipath rules to make one subnet go through one ISP and other subnets go through the other ISP.

    If you don't put a default gateway on the AT&T connection, you will need to use a policy route instead of a regular static route.  The disadvantage of this approach is that you can't route traffic that passes through a Proxy - that traffic will always go out the interface with a default gateway.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks. But I don't think UTM 9 can put a default gateway on two interfaces.

     

    I already set up the main internet line with the default gateway. This line has a WAN IP address.

     

    The other interface has a private address from DSL. I tried policy route and interface NAT. No use.

  • Found a solution.

    Bridge to VLAN. In this case I don't need to set up any NAT or policy route. One UTM port is trunked to the Cisco switch, and the DSL line plugs into a VLAN port on the Cisco switch.

    The only question is:

    Can firewall protection work on this VLAN?

  • "But I don't think UTM 9 can put a default gateway on two interfaces." - That was true up until about five years ago.  Today, when you add a second WAN connection with a default gateway, Uplink Balancing is activated and you use Multipath rules.  You can get what you want in other ways, but this is the most elegant and easy to manage.

    Cheers - Bob

  • The issue is that I have dual WAN, but can't use uplink balancing due to the VPN client software.

  • VPN client software should not be a problem.  You can handle any complications with an appropriate Multipath rule.  You can solve this problem in the "classic" way, but I think you'll be glad you learned how to use Multipath rules.

    Cheers - Bob
