
Using 2 WANs in uplink balancing but force using only one

I have two WANs in uplink balancing and normally one of them is in active interfaces (e.g. WAN1) and the other is in standby (e.g. WAN2).

Sometimes I want to let one of our internal endpoints connect to the internet via WAN2, so:

1. I move the WAN2 from standby to active

2. define a "Multipath Rule" with:
  Source: Endpoint IP
  Service: Any
  Destination: Internet IPv4
  Persistence: By Interface
  Bind interface: WAN2

3. Sort the WANs with WAN1 on top, WAN2 as the second and set the "Weight" on the Active Interfaces to: WAN1=100 and WAN2=0

Should that be sufficient to avoid other endpoints using the WAN2 as the outbound interface?

I had issues when the "weight" was set to "100 / 10" - I noticed some connections tried to "leak" through WAN2 and I don't want them to use this WAN interface at all.



  • It should be good. Another option is to make a second multipath rule (also second in line) with source: any, service any, destination Internet IPv4, persistence By Interface and interface WAN1.

    That way the first endpoint hits the first rule and all others hit the second rule.

    Also, if WAN1 should fail, all traffic will most likely fail over to WAN2.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello Chris,

    You can use the suggestion made by apijnappels or you can set the weights to 100/0.  Your Multipath Rule above will still function as desired.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
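
Added example, not part of the original posts and not Sophos code: a simplified Python model of the rule order and interface weights discussed in this thread, showing which uplinks an endpoint other than the special one can use under each setup. The first-match rule order, the treatment of a weight-0 uplink as fallback only, the skipping of a rule whose uplink is down, and the addresses are assumptions made for the model.

```python
from ipaddress import ip_address, ip_network

# Simplified model (assumption): multipath rules are checked top-down and the
# first match wins; unmatched traffic is shared by weight across the active
# uplinks that are up, and a weight-0 uplink carries it only when no
# positively weighted uplink is up.
ENDPOINT = "192.0.2.50"   # constructed address for the special endpoint
OTHER = "192.0.2.77"      # constructed address for any other endpoint
RULE_ENDPOINT = (ENDPOINT + "/32", "WAN2")   # the rule from the question
RULE_REST = ("0.0.0.0/0", "WAN1")            # the second rule from the reply


def uplink_shares(src, rules, weights, up):
    """Return {uplink: share of new connections} for one source address."""
    for network, bound in rules:
        # Assumption: a rule whose bound uplink is down is skipped.
        if ip_address(src) in ip_network(network) and bound in up:
            return {bound: 1.0}
    live = {name: w for name, w in weights.items() if name in up}
    if not live:
        return {}
    total = sum(live.values())
    if total == 0:
        # Only weight-0 uplinks are left: they share the traffic equally.
        return {name: 1.0 / len(live) for name in live}
    return {name: w / total for name, w in live.items() if w > 0}


def leaks_to_wan2(rules, weights, up=("WAN1", "WAN2")):
    """True if an endpoint other than the special one can leave via WAN2."""
    return uplink_shares(OTHER, rules, weights, set(up)).get("WAN2", 0) > 0


if __name__ == "__main__":
    both = {"WAN1", "WAN2"}
    for label, weights in (("100/10", {"WAN1": 100, "WAN2": 10}),
                           ("100/0", {"WAN1": 100, "WAN2": 0})):
        print(label, uplink_shares(OTHER, [RULE_ENDPOINT], weights, both))
    print("two rules, 100/10 leaks:",
          leaks_to_wan2([RULE_ENDPOINT, RULE_REST], {"WAN1": 100, "WAN2": 10}))
    print("WAN1 down, 100/0:",
          uplink_shares(OTHER, [RULE_ENDPOINT], {"WAN1": 100, "WAN2": 0}, {"WAN2"}))
```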