Known to apply to the following Sophos product(s) and version(s)
Sophos UTM Software Appliance
Version 7, 8
What To Do
Configure Astaro Security Gateway to force HTTP (or other specific traffic) across a single interface when balancing multiple WAN links.
1 – Confirm that all network interfaces are properly defined and configured under Network > Interfaces > Interfaces tab.
2 – Configure Multipath WAN uplink balancing.
2a – Under Network > Interfaces > Uplink balancing tab, click Enable.
2b – Select Multipath from the Type drop-down menu.
2c – Click the folder icon in the Interfaces box to display the interface list, then drag and drop all WAN links to be balanced into the Interfaces: box. (Note: in case of link failure, interfaces will be used in the order displayed; use the blue arrows to change interface order as appropriate.)
2d – Leave the Automatic monitoring checkbox selected, or clear the checkbox and add specific hosts to use for monitoring into the Monitoring hosts: field. Monitoring hosts are used for regular ping checks to verify interface connectivity for all interfaces, and therefore must be available from all interfaces.
3 – Configure Multipath Rules: under Network > Interfaces > Uplink balancing tab, click New multipath rule.
3a – Input an appropriate Name for the rule.
3b – Select the correct Position for the new rule. (Note: rules are parsed from top to bottom; in case of overlapping or conflicting rules, the uppermost rule will be applied.)
3c – Click the folder icon by the Source field, drag and drop the source host or network into the Source field, or create a new definition for the source. To restrict HTTP traffic for internal hosts, select your internal network.
3d – Click the folder icon by the Service field, drag and drop the service definition into the Service field, or create a new definition for the service. To restrict HTTP traffic for internal hosts, select HTTP from the list of defined services.
3e – Click the folder icon by the Destination field, drag and drop the destination host or network into the Destination field, or create a new definition for the destination. To restrict HTTP traffic for internal hosts to the Internet, select Any from the list of defined hosts and networks.
3f – Select by Interface from the Itf. Persistence pull-down menu.
3g – Select an interface from the Bind Interface drop-down list. All traffic applying to the rule will be routed over this interface. (Note: in case of an interface failure and no other matching rules, the connection falls back to default behavior.)
3h – (Optional) Add a description or other information in the Comment field.
3i – Click Save.
4 – Click the status icon to enable the new rule. (The status icon will turn green when enabled).
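The rule ordering in step 3b and the interface fallback in step 3g can be checked offline before the rules are entered on the appliance. The Python model below is an added example, not Sophos code: the Rule class, function names, interface names and sample rules are all constructed, and it assumes that a rule whose bound interface is down is skipped in favour of the next matching rule.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = "0.0.0.0/0"  # stands in for the "Any" network definition
ANY_SVC = "Any"        # stands in for an "Any" service definition

@dataclass(frozen=True)
class Rule:
    name: str
    source: str          # CIDR of the source definition
    service: str         # service definition name, e.g. "HTTP"
    destination: str     # CIDR of the destination definition
    bind_interface: str  # value chosen under Bind Interface

def _net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, src, service, dst):
    return (ipaddress.ip_address(src) in _net(rule.source)
            and rule.service in (ANY_SVC, service)
            and ipaddress.ip_address(dst) in _net(rule.destination))

def select_interface(rules, src, service, dst, up):
    """Uppermost matching rule with a live interface; (None, None) = default balancing."""
    for rule in rules:  # top to bottom, as in step 3b
        if matches(rule, src, service, dst) and rule.bind_interface in up:
            return rule.name, rule.bind_interface
    return None, None

def covers(upper, lower):
    return (_net(lower.source).subnet_of(_net(upper.source))
            and upper.service in (ANY_SVC, lower.service)
            and _net(lower.destination).subnet_of(_net(upper.destination)))

def shadowed(rules):
    """(lower, upper) pairs where the lower rule never applies while the upper one is usable."""
    return [(low.name, up.name)
            for i, low in enumerate(rules)
            for up in rules[:i] if covers(up, low)]

# Constructed sample rule set: the second rule is hidden by the first.
RULES = [
    Rule("HTTP via WAN1", "192.168.0.0/24", "HTTP", ANY_NET, "WAN1"),
    Rule("Proxy host via WAN2", "192.168.0.10/32", "HTTP", ANY_NET, "WAN2"),
    Rule("SMTP via WAN2", "192.168.0.0/24", "SMTP", ANY_NET, "WAN2"),
]
```

A non-empty result from shadowed(RULES) means a more specific rule sits below a broader one and should be moved up with the Position setting.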