
Uplink Balancing not switching back to higher priority Interface

Hi,

I have two UTM 9.408-4 in HA mode in one of our branch offices.

This office has 2 WAN uplinks (1 fibre and 1 LTE for backup).

I just need the LTE-WAN for backup if the main fibre goes down.

The failover to LTE works, but the connection never switches back to the main WAN uplink (when it is up again).

Check the screenshot for my config. What did I miss?

Best regards,

Daniel



  • Hi, Daniel, and welcome to the UTM Community!

    That looks good to me, so I would have to suspect your ISP's equipment.  Does making the change recommended in #7.7 in Rulz resolve this issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob and thanks for your answer.

    No, rule #7 does not resolve the issue. But I have noticed that the UTM doesn't recognize when the WAN connection is back online.

    I have email alerts enabled for "internet uplink up/down".

    In this particular case the UTM never reported "internet uplink is up again", even if it was.

    I have automatic monitoring enabled, maybe I should try to use my own monitoring hosts.

    For now I put the WAN-LTE to standby interfaces, to avoid the UTM using it as main WAN uplink.

    Not a sexy solution but a workaround.

    Regards

  • "... I have noticed that the UTM doesn't recognize when the WAN connection is back online."

    This is exactly the reason for avoiding auto-negotiation as described in #7.7.  It would confirm my guess if your ISP doesn't see the UTM as offline.

    Cheers - Bob

     
  • Hi Bob,

    Thanks for the input and sorry for the late reply. Couldn't check that any earlier. I did what you suggested and set fixed speed and duplex on the firewall interfaces as well as on the switches. Unfortunately it didn't work (same problem). Maybe what should be considered is the network design for these particular connections:

    WAN Connection: UTMs WAN Interface (eth1) -> connected to switch VLAN 2 (untagged) -> WAN (fibre) Router (also connected to VLAN 2 same switch, untagged)
    LTE-WAN Connection: UTMs free interface (eth5) -> connected to switch VLAN 3 (untagged) -> LTE Bridge (also connected to VLAN 3 same switch, untagged)

    Keep in mind there are 2 UTMs (HA Mode) with the same wiring and VLAN switch ports. All switch ports (and firewall interfaces) are set to 1GB/s Full-Duplex.
    I cannot change the switch-connected interfaces on the WAN (fibre) Router and LTE-WAN Bridge to fixed speed and duplex because we have no access to these devices.
    Do you think it is necessary to set fixed speed/duplex on these 2 devices too?

    On the switch I can see those 2 devices auto-negotiated to 1GB/s FD also.

    Thanks for your ideas.

    Regards

  • "I cannot change the switch-connected interfaces on the WAN (fibre) Router and LTE-WAN Bridge to fixed speed and duplex because we have no access to these devices.
    Do you think it is necessary to set fixed speed/duplex on these 2 devices too?"

    Yes, those are the ones that would need to be set if you go back and look at #7.7 in Rulz. Your ISP can do that. Have them set them to 1Gbps/Full, and I bet the same setting on the UTM will cause your problem to mysteriously disappear. ;)

    Cheers - Bob

     