
Adding a 4G Sim to XG Firewall in addition to my dsl line

Hi,

 

I currently run XG Firewall as a VM on my unraid server and have an 80mb DSL line (fastest available here). I have done some tests with a 4G SIM card and can get 200mb, so with unlimited data deals being very cheap now, would I be able to add this into my XG Firewall installation and "bridge" it with my existing DSL line?

 

Any advice greatly appreciated!



  • I have found I can get a good deal on a contract with a Huawei B353 router. Would I be able to connect that into Sophos in addition to my DSL line?

  • Hi,

    I have followed this guide

    https://support.sophos.com/support/s/article/KB-000035926?language=en_US#Adding-a-new-gateway

    so I now have 2 WAN connections

    but my speed is unchanged?

    There is nothing else in the guide to do? Have I missed something else?

     

    Thank you

  • Ok, 

    Maybe I have been over-thinking this?

    Port 1 is my local LAN

    Port 2 is my DSL Line

    Port 3 is my WiFi LAN

    Port 4 is my 4G Router

    Sophos now has 2 gateways

    Does Sophos just balance the 2 connections as best as it can?  Do I need to do anything else?

    Lastly is there a way to see "Live" the upload/download for each WAN port so I can see exactly what is happening?

    Thank you in advance!

  • You could simply assign your Work PC the 4G Router or the DSL connection and give the household the other connection. That's possible via SD-WAN policy-based rules.

    As mentioned earlier, XG will pin a connection to an interface and stick with this connection forever or until the connection is closed.

    For example, if you create a Zoom meeting, one of the two connections could be selected and it will stick there forever. If somebody in your house starts a download/upload, this could be on the same WAN interface (it's round robin).

    So a separation would be better. 

    __________________________________________________________________________________________________________________

  • Hi, I really appreciate your time and have spent countless hours trying to make this work.

    The best solution for me would be to specify by IP address what devices I would like to use the 4G Connection (Port 4)

    So basically I would like everything to use Port2 (My DSL Line) except IP addresses I specify to use Port4 (My 4G Router)

    I have tried every combination I can find and watched the SD-WAN video several times but everything I try seems to be ignored by the SD-WAN policy routing.  Is there more I must do like firewall rules?

    I have tried to add another port into XG to create another network to find a way to resolve this as well but then XG refuses to boot on my VM (A known issue/feature I know)

    So is what I am asking possible?

    For example, I would like IP address 192.168.0.60 to ONLY use the Port 4 connection, which is a different IP Address (192.168.8.5) and Gateway (192.168.8.1)

    If this is possible I would really appreciate an example please? I just cannot get this to work.

    Thank you 

  • It should be possible. 

    Essentially you need a Firewall rule: LAN to WAN. Allow. No attachment to a Port needed. SNAT should be the default SNAT Rule. 

    Can you link your current SD-WAN PBR Rule? 

    You should have two. 

    One on top: Your IPs, ANY ANY - Using Port4. 

    Second on bottom: ANY - ANY - ANY using Port2.

    PBR will use first match, so the first rule will be used for your Source IPs, everything else will drop to default. 

    __________________________________________________________________________________________________________________

  • Hi!

    I have disabled port 4 at the moment, as when enabled it prevents my letsencrypt connections (I will deal with that after I get this working)

    Thank you!

  • Change the Destination network to ANY in both Rules. That should work. 

    __________________________________________________________________________________________________________________

  • OK! Do I need to reboot? i7hex is still using the DSL connection

  • ok! I just disabled and re-enabled my i7hex machine and it is now on the 4G network! Thank you!! I just need to test all the other connections now :-)

    Do you know why I can no longer connect to my DDNS sites after this change?

  • First verify there is no static route.

    If there is not, all current sessions will use the old session. But new sessions should use the configured route.

    Maybe your DDNS sites have a problem with your 4G connection. Sometimes there are MTU Problems or other issues with the ISP, which prevent access via a certain dial line. 

    If you know the sites, you could create another rule on top of your 4G rule: ANY Destination: Those sites and route them via the DSL. 

    __________________________________________________________________________________________________________________
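
A simplified model of the behaviour described in the replies above, added here as an example (it is not part of any post and is not Sophos code): first-match policy routing with the per-host 4G rule, a DSL exception rule placed on top, and sessions that stay pinned to the gateway chosen before the rule change. The rule names, the destination range 203.0.113.0/24, the address 198.51.100.7 and port 443 are constructed placeholders; 192.168.0.60, Port2 and Port4 come from the thread.

```python
import ipaddress

ANY = [ipaddress.ip_network("0.0.0.0/0")]

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Each rule: (name, source networks, destination networks, gateway interface).
# Before the change: everything leaves via the DSL line on Port2.
OLD_RULES = [("default", ANY, ANY, "Port2")]

# After the change, top to bottom as evaluated. 203.0.113.0/24 is a
# constructed placeholder for "sites that only work over DSL".
NEW_RULES = [
    ("ddns-via-dsl", ANY, nets("203.0.113.0/24"), "Port2"),
    ("4g-hosts", nets("192.168.0.60/32"), ANY, "Port4"),
    ("default", ANY, ANY, "Port2"),
]

def select_gateway(rules, src, dst):
    """Return the gateway of the first rule matching src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _name, sources, dests, gateway in rules:
        if any(s in n for n in sources) and any(d in n for n in dests):
            return gateway
    return None

class SessionTable:
    """Pins a flow to the gateway chosen when its first packet was routed."""
    def __init__(self):
        self.flows = {}

    def route(self, rules, src, dst, dport):
        key = (src, dst, dport)
        if key not in self.flows:          # only new sessions consult the rules
            self.flows[key] = select_gateway(rules, src, dst)
        return self.flows[key]

    def close(self, src, dst, dport):
        self.flows.pop((src, dst, dport), None)

if __name__ == "__main__":
    table = SessionTable()
    flow = ("192.168.0.60", "198.51.100.7", 443)   # constructed destination
    print(table.route(OLD_RULES, *flow))   # session opened before the change
    print(table.route(NEW_RULES, *flow))   # still pinned to the old gateway
    table.close(*flow)
    print(table.route(NEW_RULES, *flow))   # reconnect picks up the new rule
```

Rule order carries the whole policy in this model: with the catch-all rule listed first, the per-host rule below it would never be reached.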

  • aha! They just took some time to start working again! 

    Thank you so much!
