SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

WAN-Bonding

Please implement the posibility to bond WAN-lines. Free FW-Appliances like pfSense are able to do that. Why not Sophos?

At home (my testing area, before I implement new confs in the company FWs) I have two ISPs. UnityMedia with 125/4 MBit and Telekom with 100/40 MBit. Only with an UTM it's not possible to bond the lines, so that I can use the full bandwith of both lines.
Momentary I've solved that by putting a pfSense-appliance between the IPS-modems and the UTM. So I reach speeds like 223/44 MBit.
But... why use an other appliance between ISP-lines and UTM? Why isn't it possible that the UTM can manage that?

At our main office we also have 2 ISP-lines. So it would be also interresting for our FullGuard-UTM' to use the full bandwith of both lines.

27 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Manuel Abeledo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

8 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
  • Manuel Abeledo commented  ·   ·  Flag as inappropriate

    The shared picture is NOT the desired result. It's my momentary setup at home.
    I've two DIFFERENT ISPs (see bandwiths at left side) and pfSense is able to bond them without any third-party service or something else. The screenshot at right side is a REAL one from speedtest.net

  • Anonymous commented  ·   ·  Flag as inappropriate

    There are services that allow you to aggregate your ISP links by creating a VPN back to their POP; This way they're able to serve you a single IP that encompasses both links.

    I've worked with a few of these providers and the results have been surprisingly good; There's a surprisingly low amount of overhead created by the VPN connection, and the amount of latency added was also surprisingly low; On the downside, tuning the links was occasionally an issue, and packet loss tended to creep in when the bundle wasn't tuned correctly.

    Aside from this approach, I don't know how two links could transparently be aggregated; You've got an IP per ISP, and I'm not sure technically how you'd spread a single session across those IP addresses. Balancing would be easy, but you've said that's not what you're looking for.

    Another option would be to ask your ISP if they support any aggregation, such as MLPPP. That way they can aggregate multiple links to you over a single IP

    The picture you shared doesn't really reveal much, except the desired result. There has to be something to bundle the two WAN links into a single public-facing entity; For this, you'll need the cooperation of your ISP or a third-party service.

  • Lippold commented  ·   ·  Flag as inappropriate

    Hi All, i can´t understand what you want? The SG / UTM Devices have Uplink Balacing, an Multipath Rules. Use use it on serveral customers, which have up to four different ISPs and it works great.

  • Anonymous commented  ·   ·  Flag as inappropriate

    When pfsense could this, it shouldn't be a Great Problem for Sophos to implement this Feature! I would like it!

  • Anonymous commented  ·   ·  Flag as inappropriate

    I can not englisch...
    Habe mir den Text von Google übersetzen lassen. Ich fände das auch sehr gut. Wir haben auch 2 Leitungen. Ein bündeln wäre sehr schön.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.