Disable Uplink Balancing / Multipath Rules Issue

Hello,

I have automatically enabled uplink balancing in my Sophos. I use multipath rules to be able to change internet traffic to the External WAN interface or to route traffic over the VPN connection interface. (The VPN router is in the DMZ.)

 

Example Multipath Rule:

MAC    Any    Internet IPv4 
  External (WAN) 

Switching rule on:

MAC    Any    Internet IPv4 
  VPN Network 

 

I have now tried to disable Uplink Balancing, but this sets the bind interface of my defined multipath rules to undefined.

When Uplink balancing is disabled, I also have the issue that I cannot choose anymore between the VPN Interface and External WAN Interface.

Can someone please help me: how can I disable Uplink Balancing, but still be able to route traffic via interface?

 

Thx

  • Show us pictures of the Edits of your Multipath rules and tell us more about what traffic should go where.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Here are 2 rules as an example. The first rule is Mac via External (WAN) on top, and the later rule is Internal LAN via DMZ VPN. With this I can activate the Mac rule, so just for the Mac, the traffic goes to the External (WAN) interface. When I toggle off the Mac rule, the traffic is routed as in Rule 6, Internal LAN via the DMZ VPN interface.

     

    Best regards

    Sally

  • Those look correct, although you might want "Any" instead of "Internal (Network)" in the 'Source' field.  I would leave Uplink Balancing active.

    You also might want to make a separate Web Filtering Profile that applies only to the "MAC" object.

    I still don't understand what you're trying to fix.

    Cheers - Bob

     
  • Thanks Bob, you mean Any at the bottom of the Multipath rules, so I can add more specific device rules before it, like for example TV – Netflix – External (WAN) etc.?

    I have 2 Webfilter Profiles: Standard Proxy Mode and Default Profile Transparent as Fallback.

    I'm trying the following, hope it made sense :)

    Under Interfaces, DMZ VPN, I had to add the VPN router's IP as gateway so that the router establishes the VPN connection. As the DMZ interface should not have a gateway defined, for security purposes, how can I remove the gateway but still have the router connect to the VPN?

    Under External (WAN) I have the provider modem connected, dynamic IP and default gateway; that's why Uplink Balancing automatically turns on when 2 gateways are defined.

    How can I set Uplink Balancing just to use the DMZ VPN, so that if the connection fails, no Internet connection is established, or manually define which traffic goes to the External (WAN) interface or to the DMZ VPN interface?

    Thx

  • All you need is two changes:

    1. In Multipath rule 1, open the 'Advanced' section and un-check 'Skip rule on interface error'.
    2. In Multipath rule 2, replace "Internal (Network)" with "Any IPv4" in the 'Source' field.

    Cheers - Bob

     
  • Thank you Bob, I adapted the rules now. Just a question: as the DMZ VPN interface has the router's IP as standard GW, is there any additional security setting that I should do? The DMZ interface normally should not have a standard gateway defined.

    Best regards

    Sally

  • There must be a default gateway to make the Multipath rules work.  You should be fine.

    Cheers - Bob

     
  • Thank You Bob!

    Best regards

    Sally

  • If you disable multipath rules, then you have to switch to Policy Routes, and don't forget masquerading.