
SG125 Two WAN links and two LAN links with a separate IP


I currently have an SG125 with one Internet link and one LAN network (192.168.5.x). I want to add an extra Internet link to the UTM and use this link for a different LAN (192.168.10.x), which has only a camera connected to it.

The setup I want to do is 

- Get both Internet links (ADSL PPPoE) working at the same time and use primary link for office users (192.168.5.x) but use secondary link for only the camera LAN network (192.168.10.x).

Is it even possible to use both connections simultaneously? I can kinda think of using multipath rules combining two links as uplink interface. But I am not sure what would be the best solution.

Or is it also possible to connect both connections and add static route for the secondary link?

Any suggestions appreciated.

  • When you have 2 WAN interfaces you can configure your masquerading rules either to masquerade to "External WAN 1", "External WAN 2" or "Uplink Interfaces". You could configure a masquerading rule for your camera network to use only External WAN 2 but in case this connection goes down there will be no failover to WAN1.

    If you use Uplink interfaces, then you can configure multipath rules where you can have all traffic from camera network go to WAN2 and by selecting the option "Skip rule on interface error" traffic will failover to WAN1 in case WAN2 goes down.

    If you need any more help in this then let us know. 

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • apijnappels, I assume I still need to configure a static route to route the traffic from the camera network to External WAN2?


  • No, it's not necessary as either the masquerading rule or the multipath rule will take care of the routing, so no static routing required.

  • Thanks for answering my questions.

    One last question: when configuring the PPPoE connection for WAN 2, do I also have to tick the IPv4 Default Gateway? Would this not affect WAN 1 (the main link)?

  • I don't have experience with PPPoE, but usually when you have 2 WAN interfaces they are both IPv4 Default gateways (and need to be configured as such). You can use multipath rules to configure which interface is used for which traffic. Or you can use masquerading to determine which LAN segment masquerades to which WAN connection.

  • Hi, Patrick, and welcome to the UTM Community!

    Your last question was actually answered above by apijnappels, but you didn't realize it.  There are two different approaches to using two WAN connections - Static Routing and Uplink Balancing with Multipath rules.  In any case, you must use Masquerading or SNAT to replace internal IPs with ones that are routable on the Internet.

    Uplink Balancing with Multipath rules really just creates lower- and higher-priority routes in the background - there's no magic.  I prefer this approach so that I can have automatic failover if one of the two connections goes down.  Yes, I could accomplish that with Static Routes, but that's complicated and inelegant.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
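
The failover behaviour discussed in the answers above, as an added example that is not part of the original thread and is not Sophos code: a simplified Python model of first-match multipath rule evaluation with and without "Skip rule on interface error". The /24 masks, the host addresses, the names `MultipathRule` and `select_uplink`, and the "first uplink that is up" fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class MultipathRule:
    source: str          # source network in CIDR form (assumed /24)
    bind_interface: str  # uplink that matching traffic is bound to
    skip_on_error: bool  # models "Skip rule on interface error"


def select_uplink(src_ip, rules, link_up):
    """Return the uplink chosen for src_ip, or None if it has no usable path.

    link_up maps uplink name -> True/False, listed in priority order.
    """
    addr = ip_address(src_ip)
    for rule in rules:
        if addr not in ip_network(rule.source):
            continue
        if link_up.get(rule.bind_interface, False):
            return rule.bind_interface
        if not rule.skip_on_error:
            return None  # bound link is down and the rule may not be skipped
        # skip_on_error: fall through to the next matching rule
    # No rule decided: modelled here as the first uplink that is up (assumption)
    return next((name for name, up in link_up.items() if up), None)


# Constructed rule sets for the two LANs named in the thread
RULES_FAILOVER = [
    MultipathRule("192.168.10.0/24", "WAN2", skip_on_error=True),
    MultipathRule("192.168.5.0/24", "WAN1", skip_on_error=True),
]
RULES_PINNED = [
    MultipathRule("192.168.10.0/24", "WAN2", skip_on_error=False),
    MultipathRule("192.168.5.0/24", "WAN1", skip_on_error=True),
]

if __name__ == "__main__":
    states = ({"WAN1": True, "WAN2": True}, {"WAN1": True, "WAN2": False})
    for label, rules in (("failover", RULES_FAILOVER), ("pinned", RULES_PINNED)):
        for state in states:
            uplink = select_uplink("192.168.10.20", rules, state)
            print(f"{label:8} {state} camera -> {uplink}")
```

With the failover rule set, camera traffic shares the office uplink while WAN2 is down; the pinned rule set keeps it off WAN1 at the cost of losing connectivity.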