Networking: DNS Incoming Load Balancing
It would be cool if the UTM could update DNS records to balance the incoming traffic. By changing the DNS answer across the public addresses configured on the UTM, the records could update (although with a delay) in reference to how much bandwidth and how many connections are used on the WAN links at a point in time, to avoid new incoming connections being delivered to overloaded links.
Other UTMs are integrating these features. Why is Sophos not even considering this feature? In this way Sophos UTM can satisfy big customers too, or small DCs with heavy needs.
Jackson Eyton commented
It should be possible with Multipath rules, yes.
Nizaam Mohamed commented
Why can't Astaro do this, as Barracuda NG firewall does this?
Paolo Bellorini commented
Could be very useful so we can buy Astaro and remove http://www.peplink.com/ or Radware Prooflink
No. It is NOT possible since the balancing is for outbound traffic, not for inbound. In fact the feature is called "UPLINK load balancing", NOT downlink. Since we have a DNS server on the ASG, it would be interesting and very useful to configure a primary zone on the ASG's DNS server, and the DNS answers that the ASG will provide should be based on the available bandwidth. So that the DNS server will have stored in its primary zone as A records the public IP addresses configured on the ASG WAN interfaces.
Bob Alfson commented
Gabriele, if I understand your suggestion, isn't that already possible with 'Uplink Balancing'?
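The behaviour requested in this thread (A-record answers chosen by available WAN bandwidth) can be sketched as follows. This is an added example, not Sophos/Astaro code or an existing UTM feature; the `WanLink` type, the 90% overload threshold, the 30-second TTL and the RFC 5737 documentation addresses are all assumptions made for illustration.

```python
import random
from dataclasses import dataclass

@dataclass
class WanLink:               # hypothetical model of one WAN interface
    name: str
    public_ip: str           # constructed sample address (RFC 5737 range)
    capacity_mbps: float     # assumed > 0
    used_mbps: float
    up: bool = True

def headroom(link):
    """Free bandwidth in Mbit/s; a link that is down has none."""
    if not link.up:
        return 0.0
    return max(link.capacity_mbps - link.used_mbps, 0.0)

def eligible_links(links, max_utilisation=0.9):
    """Links that are up and below the overload threshold.

    If every live link is overloaded, fall back to all live links so the
    name keeps resolving instead of disappearing from DNS.
    """
    live = [l for l in links if l.up]
    ok = [l for l in live if l.used_mbps / l.capacity_mbps < max_utilisation]
    return ok or live

def answer_a_record(links, rng=random, ttl=30):
    """Pick the A record for one query, weighted by free bandwidth.

    Returns (ip, ttl), or None when no uplink is usable. The short TTL
    bounds how long resolvers keep steering clients to a link that has
    since become busy (the "delay" mentioned in the request).
    """
    candidates = eligible_links(links)
    if not candidates:
        return None
    # A tiny floor keeps the weights valid when every candidate is saturated.
    weights = [headroom(l) or 1e-6 for l in candidates]
    chosen = rng.choices(candidates, weights=weights, k=1)[0]
    return chosen.public_ip, ttl

if __name__ == "__main__":
    sample = [  # constructed utilisation figures
        WanLink("wan1", "192.0.2.10", 100, 20),
        WanLink("wan2", "198.51.100.10", 100, 95),
        WanLink("wan3", "203.0.113.10", 50, 10, up=False),
    ]
    print(answer_a_record(sample))
```

Resolvers and clients that cache beyond the TTL will keep using the old address, so this steers only new lookups and is approximate by nature.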