Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

---

Overview

This article focuses on best practices to configure Uplink Balancing and Multipath Rules for 2 or more WAN links.

Thanks to @BAlfson for great explanation about default multipath rule.

Basic setup

To distribute traffic evenly on 2 WAN links,

1. Go to Interfaces & Routing > Interfaces > Uplink Balancing, enable Uplink Balancing.
   
2. You don't have to create the following multipath rule, but you should know it is the default applied when traffic doesn't qualify for any multipath rule.
   Go to Interfaces & Routing > Interfaces > Multipath Rules, create a multipath rule with
   Source: an internal network
   Itf. Persistence: By Connection
   Balanced to: Uplink Intefacees
   
   Note: Like all ordered (numbered) lists in UTM, once a rule applies, no subsequent rules are considered.
   
   
   
   
3. Go to Network Protection > NAT > Masquerading, create a masquearding rule with "Interface: Uplink interfaces". If no such masquearding rule, UTM might choose wrong WAN interface for outbound traffic.
   

Internal network uses a specific WAN interface for outbound traffic

1. Enable Uplink Balancing, and create a masquerading rule with "Interface: Uplink interfaces" for the internal network as above
2. Create a multipath rule with
   Source: the internal network
   Itf. Persistence: By Interface
   Bind interface: the WAN interface designated for the internal network
   Skip rule on interface error: checked, so that traffic will be sent out from another up WAN interface if bind interface is down.
   

WAN interface serves only one host

Target: WAN interface "WAN_200_225" is only used by 192.168.10.9 to access Internet, no other internal host/network can use it to access Internet.

1. Enable Uplink Balancing, and create a masquerading rule with "Interface: Uplink interfaces" for the internal network as above
2. Create a multipath rule, set
   Source: host definition of 192.168.10.9
   Itf. Persistence: By Interface
   Bind interface: WAN_200_225
   Skip rule on interface error: checked
   
3. Edit schedule of uplink balancing
   
4. Change weight of interface "WAN_200_225" to 0, so that it won't be used by other multipath rule configured with "Itf. Persistence: Connection/Source/Destination"
   

Load traffic on specific WAN interfaces

Assume UTM has 3 WAN interfaces, traffic from an internal network needs to be loaded on 2 WAN interfaces only.

1. Enable Uplink Balancing, and create a masquerading rule with "Interface: Uplink interfaces" for the internal network as above
2. Create an interface group contains those 2 WAN interfaces, in UTM webadmin > Interfaces & Routing > Interfaces > Interfaces > New Interface… > Type: Group
3. Go to Interfaces & Routing > Multipath Rules, create a multipath rule, configure 
   Source: the internal network
   Itf. Persistence: By connection
   In Advanced Settings, set Balanced to:  the interface group

Technical KBA for reference

Sophos UTM: Uplink Balancing and Multipath rule, support.sophos.com/.../KB-000034635

Updated with default multipath rule, suggested by BAlfson
[edited by: taowang at 3:38 AM (GMT -8) on 7 Nov 2020]
[edited by: FloSupport at 1:05 AM (GMT -7) on 8 Jun 2021]