This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route traffic to a URL over specific WAN interface?

Hi,

We have two internet connections, load balanced using Uplink Balancing on Sophos UTM 9. It all works great except that one of our users is having trouble with security on a particular website because his WAN IP changes depending on which internet connection he's being routed out over.

Is there a way to pin outbound traffic for that domain to one interface, so that his IP address doesn't change? I took a look at Static Routing, but it seems to want an IP, not a URL, and I can't guarantee that there aren't multiple IPs on that domain or that they won't change in the future.

Thanks!

This thread was automatically locked due to age.

Parents

0 elliottradar over 7 years ago

Actually, I think I might have found part of the answer to my own question:

Multipath Rules, create a new destination and change Type from "IP address" to "DNS host" or "DNS Group".

The trouble is, the URL of the site is something like https://mashofcharacters.webserver99.acme.com -- is there a way to set a wildcard for the acme.com domain?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 6 years ago in reply to elliottradar

Hi, Elliott, and welcome to the UTM Community!

There's no such thing as a wildcard in DNS, but maybe acme.com can give you a list of the IPs where they check to see the IP your user gets. Then, you're right, a Multipath rule placed above the other one is what you would want.

If not, then Doug's suggestion is your best bet.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 elliottradar over 6 years ago in reply to BAlfson

Thanks for the tips, guys. I'll try the web filtering idea first-- seems the simpler solution-- and I'll let you know how it went.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 elliottradar over 6 years ago in reply to BAlfson

Thanks for the tips, guys. I'll try the web filtering idea first-- seems the simpler solution-- and I'll let you know how it went.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 giomoda over 6 years ago in reply to elliottradar

When I have this type of issues I usually do a WHOIS on the destination IP address and collect the subnet to where it belongs, since big companies usually have a entire subnet of IP addresses. With that information I create a network definition for that subnet, create a multipath rule like Any > Web Surfing > destination subnet and bind to a specif WAN interface. That way all HTTP/S requests both from internal networks and from the proxy with that destination will go out though a specif WAN and in case of a WAN failure it will fall back to the second link.

Regards,

Giovani
Cancel
Vote Up 0 Vote Down

Cancel