SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

WAN-Bonding

Please implement the posibility to bond WAN-lines. Free FW-Appliances like pfSense are able to do that. Why not Sophos?

At home (my testing area, before I implement new confs in the company FWs) I have two ISPs. UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. Only with an UTM it's not possible to bond the lines, so that I can use the full bandwith of both lines.
Momentary I've solved that by putting a pfSense-appliance between the IPS-modems and the UTM. So I reach speeds like 223/44 MBit.
But... why use an other appliance between ISP-lines and UTM? Why isn't it possible that the UTM can manage that?

At our main office we also have 2 ISP-lines. So it would be also interresting for our FullGuard-UTM' to use the full bandwith of both lines.

18 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Manuel AbeledoManuel Abeledo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    7 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Manuel AbeledoManuel Abeledo commented  ·   ·  Flag as inappropriate

        The shared picture is NOT the desired result. It's my momentary setup at home.
        I've two DIFFERENT ISPs (see bandwiths at left side) and pfSense is able to bond them without any third-party service or something else. The screenshot at right side is a REAL one from speedtest.net

      • Anonymous commented  ·   ·  Flag as inappropriate

        There are services that allow you to aggregate your ISP links by creating a VPN back to their POP; This way they're able to serve you a single IP that encompasses both links.

        I've worked with a few of these providers and the results have been surprisingly good; There's a surprisingly low amount of overhead created by the VPN connection, and the amount of latency added was also surprisingly low; On the downside, tuning the links was occasionally an issue, and packet loss tended to creep in when the bundle wasn't tuned correctly.

        Aside from this approach, I don't know how two links could transparently be aggregated; You've got an IP per ISP, and I'm not sure technically how you'd spread a single session across those IP addresses. Balancing would be easy, but you've said that's not what you're looking for.

        Another option would be to ask your ISP if they support any aggregation, such as MLPPP. That way they can aggregate multiple links to you over a single IP

        The picture you shared doesn't really reveal much, except the desired result. There has to be something to bundle the two WAN links into a single public-facing entity; For this, you'll need the cooperation of your ISP or a third-party service.

      • LippoldLippold commented  ·   ·  Flag as inappropriate

        Hi All, i can´t understand what you want? The SG / UTM Devices have Uplink Balacing, an Multipath Rules. Use use it on serveral customers, which have up to four different ISPs and it works great.

      • Anonymous commented  ·   ·  Flag as inappropriate

        When pfsense could this, it shouldn't be a Great Problem for Sophos to implement this Feature! I would like it!

      • Anonymous commented  ·   ·  Flag as inappropriate

        I can not englisch...
        Habe mir den Text von Google übersetzen lassen. Ich fände das auch sehr gut. Wir haben auch 2 Leitungen. Ein bündeln wäre sehr schön.

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.