All,
I'm in the midst of configuring a new sophos SG230 for a client of ours, however they have a very peculiar setup.
At the moment they have two "WAN" links, one is a normal DSL line and the other one is a government line (publilink) that can only be use for specific applications.
The setup now is that the default route points to the government line through an ASA firewall, and the other connections use a proxy to connect to a TMG that is connected to the DSL line at on end and the ASA at the other end.
Both the ASA and the TMG will be replaced by one SG230 active-passive failover 'cluster'. I have read that if you want to route proxy requests through another interface you need to use multipath rules.
However, my two WAN links can not failover if one goes down (if the WAN line goes down the traffic can not flow through the government line).
I've included the multipath rules I already made.
Now I have a couple of questions here:
1. Are multipath routes still the way to go for my situation? Mind you, that I need to route certain proxy requests to the DSL WAN and certain requests to Publilink depending on the source.
2. If so, how can I make sure that all connections coming from the Sophos (e.G. up2date, liveconnect,...) flow through the open internet link?
3. Are multipath routes being checked top down? So if I put a route at the bottom ANY->ANY->ANY->Publilink it will only be hit if he can not find a hit in the rules above it?
Hopefully somebody can clear this up for me [:)]!
Best Regards!
This thread was automatically locked due to age.
