Multipath Routing and RED Devices

Hello all, 2-part question:

We have 2 WAN connections on our UTM with uplink balancing enabled, and at the moment all traffic had been configured to go through only one of the interfaces (don't ask, I didn't create this :)). I'm finding that our hypervisor and backup software are filling the WAN1 connection, along with added peaks during break times where users with non-issued devices are hopping on the guest network (as work policy says the devices should be) and slowing everything down.

1 - Should I set the UTM Host IP of the RED we use for offsite backups to one of the IPs of WAN2...
      OR...
      should I use a multipath rule of:     ANY ==> ANY ==> RED Network ==> WAN2 Interface    (And are these the right settings?)

1a) I'm sneaking another quick question here: for a RED's 2nd UTM IP, can I enter the other WAN IP, or should I use our other office's UTM IP if all the REDs are set as Standard/Unified, but the second UTM does not have any REDs on it and acts as a "glorified" RED device for the most part?

2 - For the Guest network Multipath route, would it be ANY ==> ANY ==> Guest Network Subnet ==> WAN2 Interface?

  • Diagrams always help get better answers more quickly, Dave, but I think I see some of what you want...

    1 - Yes, reconfigure the RED to use your other Internet connection.  The suggested Multipath rule would wreak havoc with routing.

    1a) What is where?  A picture of a hand-drawn diagram would be great.

    2 - Probably cause another routing problem, but ???

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I forgot you're a visualist, like me. :)

    These are the 2 Multipath rules I created last week. Are you saying I should instead turn off 1 and change the UTM Host IP from: WAN1_IP to WAN2_IP?

    For 2nd UTM hostname, if I put in the Major Office UTM IP address here in ALL our REDs, should the HQ get vaporized, would this allow the REDs to continue functioning (and more importantly have Internet access)?  I'll of course have to replicate the rules/config of HQ's UTM to the Major Office's UTM... (can you sense my excitement :))

  • Great diagram, Dave - I think I see your situation...

    You have a PM.

    Cheers - Bob

     