I have automatically enabled uplink balancing in my Sophos. I use multi path rules to be able to change internet traffic to External WAN Interface or to route traffic over VPN Connection Interface. (VPN Router is in DMZ)
Example Multipath Rule:
switching Rule On:
I tried now to disable Uplink balancing, but this set my defined multi path rules by bind interface to undefined.
When Uplink balancing is disabled, I also have the issue that I cannot choose anymore between the VPN Interface and External WAN Interface.
Can someone please help me: how can I disable Uplink Balancing, but still be able to route traffic via Interface?
Why do you want to disable Uplink Balancing?
Cheers - Bob
Because I would like to define by myself over which interface I send my traffic.
Show us pictures of the Edits of your Multipath rules and tell us more about what traffic should go where.
Here are 2 rules as examples. The first rule is Mac via External (WAN) on top, and the later rule is Internal LAN via DMZ VPN. With this I can activate the Mac rule, so just for the Mac, the traffic goes to the External (WAN) Interface. When I toggle off the Mac rule, the traffic is routed as in Rule 6, Internal LAN via the DMZ VPN Interface.
Those look correct, although you might want "Any" instead of "Internal (Network)" in the 'Source' field. I would leave Uplink Balancing active.
You also might want to make a separate Web Filtering Profile that applies only to the "MAC" object.
I still don't understand what you're trying to fix.
Thanks Bob, you mean Any at the Bottom of the Multipath Rules, so I can add before more specific device rules like for example TV – Netflix – External (WAN) etc?
I have 2 Webfilter Profiles Standard Proxy Mode and Default Profile Transparent as Fallback.
I'm trying the following, hope it made sense :)
Under Interfaces DMZ VPN I had to add the VPN Router's IP as Gateway, so that the Router establishes the VPN Connection. As the DMZ Interface should not have a Gateway defined, for security purposes, how can I remove the Gateway, but still be able to have the router connect to the VPN?
Under External (WAN) I have the Provider Modem connected, Dynamic IP / and Default Gateway; that’s why Uplink Balancing automatically turns on when having 2 Gateways defined.
How can I set Uplink Balancing just to use the DMZ VPN, and if the connection fails, no Internet Connection should be established, or manually define which traffic goes to the External (WAN) Interface or to the DMZ VPN Interface?
All you need is two changes:
Thank You Bob, adapted the Rules now. Just a question: as the DMZ VPN Interface has the Router's IP as Standard GW, is there any additional security setting that I should do? As the DMZ Interface normally should not have a Standard Gateway defined.
There must be a default gateway to make the Multipath rules work. You should be fine.
Thank You Bob!
If you disable multipath rules, then you have to switch to Policy Routes, and don't forget masquerading.