Balancing specific traffic such as HTTP over all WAN Links with Multilink on Sophos UTM

  • Article ID: 115323
  • Updated: 14 Feb 2014

Known to apply to the following Sophos product(s) and version(s)


Sophos UTM Software Appliance

Operating systems
V7, V8, V9

What To Do

Configure Sophos UTM to distribute HTTP (or other specific traffic) across all balanced WAN links.

1 – Confirm that all network interfaces are properly defined and configured in the Interfaces & Routing > Interfaces tab.

2 – Configure Multipath WAN uplink balancing.

2a - Interfaces & Routing > Interfaces > Uplink balancing tab click the toggle switch.

2b – Click the folder icon in the Active Interfaces box to display the interface list, drag and drop all WAN links to be balanced into the Interfaces: box. (Note: in case of link failure, interfaces will be used in the order displayed, use the blue arrows to change interface order as appropriate).

2c – Optionally click the folder icon in the Standby Interfaces box to display the interface list, drag and drop all WAN links to be balanced into the Interfaces: box. (Note: in case of link failure, interfaces will be used in the order displayed, use the blue arrows to change interface order as appropriate).

2d – Leave the Automatic monitoring checkbox selected, or clear the checkbox and add specific hosts to use for monitoring into the Monitoring hosts: field. Monitoring hosts are used for regular ping checks to verify interface connectivity for all interfaces, and therefore must be available from all interfaces.

3 – Configure Multipath Rules, under Interfaces & Routing > Interfaces > Multipath Rules tab click New multipath rule.

3a – Input an appropriate Name for the rule

3b – Select the correct Position for the new rule (Note: rules parse from top to bottom, in case of overlapping or conflicting rules, the uppermost rule will be applied).

3c – Click the folder icon by the Source field, drag and drop the source host or network into the Source field, or create a new definition for the source. To balance HTTP traffic for internal hosts, select your internal network.

3d - Click the folder icon by the Service field, drag and drop the service definition into the Service field, or create a new definition for the service. To balance HTTP traffic for internal hosts, select HTTP from the list of defined services.

3e - Click the folder icon by the Destination field, drag and drop the destination host or network into the Destination field, or create a new definition for the destination. To balance HTTP traffic for internal hosts, select Any from the list of defined hosts and networks.

3f – Select the appropriate persistence type from the Itf. Persistence pull-down menu (Interface Persistence is used to ensure that subsequent connections from a host are consistently routed over the same uplink interface). Interface Persistence options are:
*By Connection (Default): Each connection is balanced independently. *By Source: Balancing is based on the source IP address.
*By Destination: Balancing is based on the destination IP address.
*By Source/Destination: Balancing is based on the source/destination IP address combination.
*By Interface: Select an interface from the Bind Interface drop-down list. All traffic applying to the rule will be routed over this interface. In case of an interface failure and no other matching rules the connection falls back to default behavior. (Note: selecting this option will prevent balancing across multiple WAN uplinks)
3g – (Optional) Add a description or other information in the Comment field.
3h – Click Save.
4 – Click the status icon to enable the new rule. (The status icon will turn green when enabled).

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments