Redirect one host for one Wan Interface and the rest of internal network for other Wan Interface

I have 2 interfaces, each connected to a different router, and one interface for the LAN. The interface Router MOVISTAR is a Vlan 30/3 and Router ORANGE is a 300/300.

I have the upload balance active.

In the multipath rules I have one to redirect all web traffic of a host to one WAN interface.

I want to send the email traffic through the interface MOVISTAR, and the rest of the services come out through the interface ORANGE.

In Masking I have to leave Uplink Interfaces.

And in NAT the mail traffic comes out through interface MOVISTAR and the rest through interface ORANGE, but it does not work.

If I put my computer (HPJAVI) on multipath to interface ORANGE and test the connection, I have the IP of interface ORANGE, but the speed is that of the MOVISTAR interface.

Could you help me?



  • Hi Javier,

    First, I would like to make some comments about your configuration:

    Picture of Interfaces: If possible, you will want to put your ISPs' routers into bridge mode so that your UTM can have the public IPs on its interfaces instead of private IPs.

    Interfaces activas: usually, you will want the faster interface first, but you will definitely want to click on the wrench icon to set the weights for the two connections.

    Your Multipath rule #3, "Mails Router Internal," probably has no effect - instead of Destination "Router MOVISTAR Address," you undoubtedly want "Internet IPv4."

    I think you're confusing DNATs with Policy Routes.  I think several are ineffective and/or unnecessary:

    1. Ineffective and unnecessary - see my comment about Multipath rule #3.
    2. Yes, this is the correct way to direct incoming emails to your mail server.  Note that this takes precedence over the SMTP Proxy, so if you've configured Mail Protection, you will want to disable this rule - see #2 in Rulz.
    3. Yes, this is the correct way to allow surf requests from the Internet to reach your server.
    4. This works, but you could have achieved the same result by making a Network Group containing both "Router MOVISTAR (Address)" and "Router ORANGE (Address)" and using that object as the Destination in a single rule.
    5. I'm surprised that Web Surfing is possible if this rule is active.  I can't imagine a similar rule being necessary.
    6. Looks good!
    7. I don't know what you wanted this rule to do, but it is ineffective.

    What test are you using and what is the exact result?

     Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA