Force Specific traffic such as HTTP over one WAN Link Using Multilink on Astaro Security Gateway

  • Article ID: 115322
  • Rating:
  • 3 customers rated this article 6.0 out of 6
  • Updated: 29 May 2012

Known to apply to the following Sophos product(s) and version(s)


Sophos UTM Software Appliance

Operating systems
Version 7, 8

What To Do

Configure Astaro Security Gateway to force HTTP (or other specific traffic) across a single interface when balancing multiple WAN links.

1 – Confirm that all network interfaces are properly defined and configured under Network > Interfaces > Interfaces tab.

2 – Configure Multipath WAN uplink balancing.
2a - Under Network > Interfaces > Uplink balancing tab click Enable.
2b – Select Multipath from the Type drop-down menu.
2c – Click the folder icon in the Interfaces box to display the interface list, drag and drop all WAN links to be balanced into the Interfaces: box. (Note: in case of link failure, interfaces will be used in the order displayed, use the blue arrows to change interface order as appropriate).
2d – Leave the Automatic monitoring checkbox selected, or clear the checkbox and add specific hosts to use for monitoring into the Monitoring hosts: field. Monitoring hosts are used for regular ping checks to verify interface connectivity for all interfaces, and therefore must be available from all interfaces.
3 – Configure Multipath Rules, under Network > Interfaces > Uplink balancing tab click New multipath rule
3a – Input an appropriate Name for the rule
3b – Select the correct Position for the new rule (Note: rules parse from top to bottom, in case of overlapping or conflicting rules, the uppermost rule will be applied).
3c – Click the folder icon by the Source field, drag and drop the source host or network into the Source field, or create a new definition for the source. To restrict HTTP traffic for internal hosts, select your internal network.
3d - Click the folder icon by the Service field, drag and drop the service definition into the Service field, or create a new definition for the service. To restrict HTTP traffic for internal hosts, select HTTP from the list of defined services.
3e - Click the folder icon by the Destination field, drag and drop the destination host or network into the Destination field, or create a new definition for the destination. To restrict HTTP traffic for internal hosts to the Internet, select Any from the list of defined hosts and networks.
3f – Select by Interface from the Itf. Persistence pull-down menu.
3g - Select an interface from the Bind Interface drop-down list. All traffic applying to the rule will be routed over this interface. (Note: in case of an interface failure and no other matching rules, the connection falls back to default behavior).
3h – (Optional) Add a description or other information in the Comment field.
3i – Click Save.
4 – Click the status icon to enable the new rule. (The status icon will turn green when enabled).

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments