Multipath Rules

On the Interfaces & Routing > Interfaces > Multipath Rules tab you can set rules for uplink balancing. The rules are applied to the active interfaces on the Uplink Balancing tab when there is more than one interface to balance traffic between. Without multipath rules, all services are balanced by source, i.e., all traffic coming from one source uses the same interface, whereas traffic from another source can be sent to another interface. Multipath rules allow you to change this default interface persistence.

Note – Multipath rules can be set up for the service types TCP, UDP, or IP.

To create a multipath rule, proceed as follows:

  1. On the Multipath Rules tab, click New Multipath Rule.

    The Add Multipath Rule dialog box opens.

  2. Make the following settings:

    Name: Enter a descriptive name for the multipath rule.

    Position: The position number, defining the priority of the rule. Lower numbers have higher priority. Rules are matched in ascending order. Once a rule has matched, rules with a higher number will not be evaluated anymore. Place the more specific rules at the top of the list to make sure that more vague rules match last.

    Source: Select or add a source IP address or network to match.

    Service: Select or add the network service to match.

    Destination: Select or add a destination IP address or network to match.

    Tip – How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Itf. persistence: Interface persistence is a technique which ensures that traffic having specific attributes is always routed over the same uplink interface. Persistence has a default timeout of one hour, however you can change this timeout on the Uplink Balancing tab. You can decide what should be the basis for persistence:

    Comment (optional): Add a description or other information.

  3. Optionally, make the following advanced settings:

    Balanced to (not with persistence by interface): Add an interface group to the field. All traffic applying to the rule will be balanced over the interfaces of this group. By default, Uplink Interfaces is selected, so connections are balanced over all uplink interfaces.

    Skip rule on interface error (only available if the Itf. Persistence is set to By Interface): If selected, in case of an interface failure, the next matching multipath rule will be used for the traffic. If unselected, no other multipath rule will be used for the defined traffic in case of an interface failure. This for example makes sense when you want to ensure that SMTP traffic is only sent from a specific static IP address to prevent your emails from being classified as spam by the recipients due to an invalid sender IP address.

  4. Click Save.

    The new multipath rule is added to the Multipath Rules list.

  5. Enable the multipath rule.

    The new rule is disabled by default (toggle switch is gray). Click the toggle switch to enable the rule.The rule is now enabled (toggle switch is green).
To either edit or delete a rule, click the corresponding buttons.
Related Topics Link IconRelated Topics
© 2019 Sophos LimitedSophos UTM 9.600