Disable wan load balance on LOCAL zone

 Hi guys,

I'm using Sophos XG on VMware with two PPPoE connections in load balancing mode (round-robin), weight 1 for both WAN.

I'm having some issues with FTP backup not working because of the WAN balancing.

Is there a way to disable the load balance for the LOCAL zone?

 



  • lferrara said:

    Andrea,

    WAN balancing operates only on WAN side. Where are your target and source FTP?

    Thanks

     

    The source is the XG itself and the target is a remote host. The FTP backup I'm referring to is the XG backup configuration. Sorry I didn't mention in the previous post.

     

     

     

  • Andrea,

    No firewall rules are needed if you configure the ftp backup using built-in backup feature:

    Regards

  • I think you could still use the policy route.  Don't select an Interface.  Say the source network is the LAN and the WAN networks/IPs, the service would still be FTP, and the destination would be whatever FTP server you input into the FTP Backup.  Select a single gateway for that.  Then see if you can run the FTP backup or not.

  • Luis - I think Andrea means that's what they're using, and it broke after turning on WAN Load balancing.

  • Using a single WAN in active-backup configuration the XG backup procedure works perfectly. In Active-Active configuration this error occurs: "Backup could not be sent due to incorrect server configuration".

    When I check the FTP server log I notice that the source IP bounces randomly between the two WAN IPs.

    Wed Jul 12 08:33:05 2017 [pid 12817] CONNECT: Client "xxx.xxx.xxx.188"
    Wed Jul 12 08:33:06 2017 [pid 12816] [xg-ftp-user] OK LOGIN: Client "xxx.xxx.xxx.188"

    Wed Jul 12 08:35:21 2017 [pid 13304] CONNECT: Client "xxx.xxx.xxx.52"
    Wed Jul 12 08:35:22 2017 [pid 13303] [xg-ftp-user] OK LOGIN: Client "xxx.xxx.xxx.52"

     

    Is it possible that login packets are forwarded with the first WAN, and data with the second? In this case the FTP server drops all the data.

     

    I tried to add some firewall rules to prevent the load balancing for the FTP server public. But I think that the traffic generated by the XG itself does not match the source zone LAN.
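
A check for the pattern in the FTP server log quoted above, as an added example that is not part of the original posts: it parses vsftpd-style `OK LOGIN` lines and reports any account whose consecutive logins arrive from different source addresses within a short window. The sample log lines, the addresses and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the vsftpd log layout quoted above; the addresses are
# documentation-range placeholders, not the redacted ones from the thread.
SAMPLE_LOG = '''\
Wed Jul 12 08:33:05 2017 [pid 12817] CONNECT: Client "203.0.113.188"
Wed Jul 12 08:33:06 2017 [pid 12816] [xg-ftp-user] OK LOGIN: Client "203.0.113.188"
Wed Jul 12 08:35:21 2017 [pid 13304] CONNECT: Client "198.51.100.52"
Wed Jul 12 08:35:22 2017 [pid 13303] [xg-ftp-user] OK LOGIN: Client "198.51.100.52"
Wed Jul 12 09:10:00 2017 [pid 14001] [other-user] OK LOGIN: Client "192.0.2.10"
Wed Jul 12 11:10:00 2017 [pid 15001] [other-user] OK LOGIN: Client "192.0.2.10"
'''

LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] OK LOGIN: Client "(?P<ip>[^"]+)"')

def parse_logins(text):
    """Yield (timestamp, user, client_ip) for every successful login line."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group("user"), m.group("ip")

def source_ip_flaps(text, window=timedelta(minutes=10)):
    """Return (user, old_ip, new_ip, gap) for each pair of consecutive logins
    by the same user that come from different addresses within `window`."""
    last = {}   # user -> (timestamp, ip) of that user's previous login
    flaps = []
    for ts, user, ip in sorted(parse_logins(text)):
        if user in last:
            prev_ts, prev_ip = last[user]
            if ip != prev_ip and ts - prev_ts <= window:
                flaps.append((user, prev_ip, ip, ts - prev_ts))
        last[user] = (ts, ip)
    return flaps

if __name__ == "__main__":
    for user, old, new, gap in source_ip_flaps(SAMPLE_LOG):
        print(f"{user}: source changed {old} -> {new} after {gap}")
```

A hit only shows that successive control connections left through different uplinks; it does not by itself show that a control and data connection were split.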

  • Andrea,

    Are you sending backup through WAN interface? I mean, is the FTP server located outside your network?

    If yes, I guess you need to open a ticket with support, because firewall rules are not managing the XG itself rules (ACL does). Inside ACL you cannot control FTP behaviour.

    So open a ticket with support or use another method to backup XG configuration.

    Regards

  • lferrara said:

    Andrea,

    Are you sending backup through WAN interface? I mean, is the FTP server located outside your network?

     

    Yes, I'm sending the backup to a remote FTP server.