This article explains how to set up multiple redundant static routes to a single destination network using different paths.
Known to apply to the following Sophos product(s) and version(s)
In UTM9, it is not possible to configure multiple static routes to the same destination network, regardless of the assigned metric. If you attempt to do so, you'll get an error stating that the network is already in use by the existing route.
However, it is possible to create redundant gateway routes to a single destination network (using different paths), by using Availability Groups.
What To Do
First, create an Availability Group consisting of the gateway addresses of each route:
- Log in to the WebAdmin and go to Definitions & Users | Network Definitions
- Click New network definition...
- Add an appropriate name.
- Choose type: Availability Group.
- Under Members, add a host object consisting of the IP address of the remote gateway of each route you want to add.
  - Availability groups resolve to hosts on the Members list in top-down order, so make sure the primary gateway is at the top of the list.
- Under Advanced, choose a monitoring interval and timeout.
  - These settings control how often a keep-alive is sent to the configured remote gateways and how long the UTM waits for a response.
- Click Save.
For example: if you want to reach the remote network 192.168.5.0/24, and you have 2 links to that network where the addresses of the next hops to reach it are 192.168.6.1 and 192.168.7.1, you would add host objects consisting of those two addresses into the Availability Group host list.
Next, configure a static gateway route where the destination gateway address is the Availability Group:
- Log in to the WebAdmin and go to Interfaces & Routing | Static Routing | Standard Static Routes
- Click New static route...
- Choose Route Type: Gateway route.
- Under Network, add the network object for the network you want to reach.
- Under Gateway, add the object for your recently created Availability Group.
- Click Save.
Finally, activate the static route. Your UTM will now have a route to the specified remote network via the interface connected to the first gateway on the list in your Availability Group. If that gateway is no longer reachable but the next one is, the route will automatically switch over to the interface associated with the next gateway. If the first gateway on the list becomes reachable again, the route will switch back to use the first interface.
The time it takes for the UTM to switch the route from one link to the next when the first one fails is controlled by the Interval and Timeout settings in the Availability Group > Advanced section. If you set the interval to 15, the UTM will attempt to contact the first host on the list every 15 seconds. If that host does not respond within the time period specified under Timeout, the UTM will then attempt to contact the next host on the list, and so on.
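As an added illustration (not Sophos code and not taken from the article), the following Python model shows how the behaviour described above plays out: members are tried in top-down order each keep-alive round, the route moves to the next gateway when the one ahead of it stops answering, and moves back once the primary answers again. The class and function names, the probe callback and the per-round reachability table are constructed for this example; the worst-case failover figure is a rough bound derived from the Interval and Timeout description, not a documented UTM value.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample matching the article: two next hops toward 192.168.5.0/24,
# primary gateway first because members are resolved in top-down order.
MEMBERS = ["192.168.6.1", "192.168.7.1"]

@dataclass
class AvailabilityGroup:
    members: List[str]   # gateway host objects, primary at the top of the list
    interval: int = 15   # seconds between keep-alive rounds (Advanced > Interval)
    timeout: int = 5     # seconds to wait for one member to answer (Advanced > Timeout)

    def resolve(self, probe: Callable[[str, int], bool]) -> Optional[str]:
        """Return the first member that answers a keep-alive within the timeout.
        Hypothetical probe callback: probe(gateway, timeout) -> answered?"""
        for gw in self.members:
            if probe(gw, self.timeout):
                return gw
        return None  # no member reachable: nothing for the gateway route to use

    def worst_case_failover_seconds(self, dead_ahead: int) -> int:
        """Rough upper bound derived from the described behaviour: a gateway that
        dies right after a successful keep-alive is re-probed one interval later,
        and each dead member ahead of the first live one costs one timeout."""
        return self.interval + dead_ahead * self.timeout

def simulate(group: AvailabilityGroup, rounds: List[Dict[str, bool]]) -> Tuple[list, list]:
    """Replay keep-alive rounds against a constructed reachability table and report
    the gateway chosen each round plus every route change as (round, old, new)."""
    active, history, changes = None, [], []
    for n, reachable in enumerate(rounds):
        def probe(gw: str, _timeout: int, table=reachable) -> bool:
            return table.get(gw, False)  # stand-in for the UTM's real keep-alive
        chosen = group.resolve(probe)
        history.append(chosen)
        if chosen != active:
            changes.append((n, active, chosen))
            active = chosen
    return history, changes

# Constructed reachability per keep-alive round.
SAMPLE_ROUNDS = [
    {"192.168.6.1": True,  "192.168.7.1": True},   # both up: primary wins
    {"192.168.6.1": False, "192.168.7.1": True},   # primary down: fail over
    {"192.168.6.1": False, "192.168.7.1": True},   # still on the secondary
    {"192.168.6.1": True,  "192.168.7.1": True},   # primary back: fail back
    {"192.168.6.1": False, "192.168.7.1": False},  # nothing reachable
]
```

Running `simulate(AvailabilityGroup(MEMBERS), SAMPLE_ROUNDS)` shows the route on 192.168.6.1, then 192.168.7.1 while the primary is down, then back on 192.168.6.1, and finally no usable gateway when neither host answers.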