Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.
This article focuses on best practices for configuring Uplink Balancing and Multipath Rules for 2 or more WAN links.
Thanks to @BAlfson for the great explanation of the default Multipath rule.
To distribute traffic evenly on 2 WAN links,
Target: WAN interface "WAN_200_225" is used only by 192.168.10.9 to access the Internet; no other internal host/network can use it to access the Internet.
Assume UTM has 3 WAN interfaces, traffic from an internal network needs to be loaded on 2 WAN interfaces only.
Sophos UTM: Uplink Balancing and Multipath rule, support.sophos.com/.../KB-000034635
Wouldn’t it be the same to set the weight to 0 for the 3rd WAN interface for the case “Assume UTM has 3 WAN interfaces, traffic from an internal network needs to be loaded on 2 WAN interfaces only.”? And by the way a demo for the weight setting I think.
PS That is an important topic which definitely deserves a best practice.
BR
Alex
-
Since upgrading from 9.510 to 9.6, we sometimes face strange Multipath issues. Since then, we have seen multiple times that reply packets are being sent out the wrong WAN interface, which leads to asymmetric routing... I think this is still persistent. We use weight=0 for the secondary line; this is the setting that the affected systems have in common... Really strange issue.
Maybe another issue was implemented, while solving this issue:
https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-601-released
I don't like to use the 0-weight trick, Alex, because it's "hidden" during a quick overview. Maybe it's just the way my brain takes in information, but, for me, the advantage of having Multipath rules is that the "documentation" is clearer to someone coming in behind the person that originally configured Uplink Balancing. I don't have sites where there are a lot of Multipath rules though.
Cheers - Bob
Balancing by connection is a good way to enter into ReCaptcha hell and be forced to log in over and over. I use multipath for failover.
Ryan, "By Connection" is the default. You would want a Multipath rule "By Source/destination" to avoid your issue.
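As an added illustration of the exchange above (not part of the original thread and not Sophos code): a simplified model of uplink selection showing why "By connection" persistence lets one client's session leave from several public IPs, while "By source/destination" pins it to one, and that a weight of 0 keeps an uplink out of balancing. The uplink names, addresses and hash-based selection are assumptions made for the example.

```python
import hashlib
from collections import namedtuple

Conn = namedtuple("Conn", "src sport dst dport")

# Constructed uplinks: name -> (public IP, weight). Documentation addresses only.
UPLINKS = {
    "WAN_A": ("198.51.100.10", 50),
    "WAN_B": ("198.51.100.20", 50),
    "WAN_C": ("198.51.100.30", 0),   # weight 0: excluded from balancing
}

def pick_uplink(key, uplinks=UPLINKS):
    """Map a persistence key onto an uplink in proportion to its weight."""
    active = [(n, w) for n, (_, w) in sorted(uplinks.items()) if w > 0]
    total = sum(w for _, w in active)
    digest = hashlib.sha256(repr(key).encode()).digest()
    point = int.from_bytes(digest[:8], "big") % total
    for name, weight in active:
        if point < weight:
            return name
        point -= weight

def persistence_key(conn, mode):
    """What the balancer treats as 'the same flow' under each persistence mode."""
    if mode == "connection":
        return tuple(conn)               # every new source port is a new decision
    if mode == "source/destination":
        return (conn.src, conn.dst)      # all connections of the pair share one decision
    raise ValueError(f"unknown persistence mode: {mode}")

def egress_ips(conns, mode):
    """Public IPs the destination sees for a set of connections."""
    return {UPLINKS[pick_uplink(persistence_key(c, mode))][0] for c in conns}

def sample_session(n=40):
    """Constructed sample: one client opening n HTTPS connections to one site."""
    return [Conn("192.168.10.9", 40000 + i, "203.0.113.80", 443) for i in range(n)]

if __name__ == "__main__":
    session = sample_session()
    for mode in ("connection", "source/destination"):
        print(f"{mode:20s} -> {sorted(egress_ips(session, mode))}")
```

A site that binds a login or CAPTCHA session to the client's public IP sees the first mode as a client hopping between addresses, which matches the symptom described above.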
Is this working in Sophos XG 135 firewall?
Wow, you explain each and everything. Just look like I'm watching a video tutorial. Appreciated your efforts.