Configure Web Protection to use a special interface

Hello community,

 

I have a question concerning Multi-WAN on Sophos UTM 9.5.

Our customer had only 1 WAN connection until last week, so all traffic to the outside was routed over this connection. We have a lot of packet filters (Network Protection - Firewall - Rules) which communicate over ports like HTTP, HTTPS and so on directly to the internet without using Web Protection. In addition to this, we have configured Web Protection for surfing the WWW from client computers.

Packet filters and proxy are using the same WAN connection at the moment.

Now we have an additional WAN-connection and want to use this ONLY for Web Protection (Proxy). I am searching for any kind of configuration on how to tell Web Protection to use the new interface.

I already read about Multi-WAN and Uplink Balancing, but this won't do the trick for me, because it is service based and we are using the same TCP services for packet filters and outgoing proxied traffic. So I need a possibility to tell Web Proxy to use WAN NEW, whereas everything else should use WAN OLD.

 

Does anyone have an idea on how to do the trick?

 

Kind Regards

Marco



This thread was automatically locked due to age.
  • Hey Marco.

    Would this help you achieve your requirements?

    Regards,

    Giovani

  • Hey Giovani,

     

    this helped a lot, BUT... now I have the next issue. A speed test of the new interface shows 0 MBit/s uplink. Browsing is extremely slow. I think this has something to do with the configuration of both WAN interfaces.

    Both WAN interfaces are configured with the provider's router as default gateway. Is this OK for my config, or is there any advice to make it better?

     

    KR

    Marco

  • To be completely honest, I haven't used this feature, so I'm not sure if I'll be able to help you. I would start by checking your multipath and SNAT rules. You might have some previous configuration that is causing this. Try disabling anything fancy you might have done trying to get this going and stick to the defaults, at least for testing, and see how it goes. Rulz is a good place to start with some best practices and dealing with caveats you might encounter.

    As for your question, you mean you have a couple of routers in front of the UTM? Is the UTM receiving public or private IPs? If you are double NATing, this can cause some weird issues, but I'm not sure if this would cause what you are seeing. All I can say is that I really don't like having anything in front of the UTM; all my setups have the public IP delivered directly to the UTM.

    Regards,

    Giovani