Channel Aggregation & Failover

Configuring channel failover, static and dynamic aggregation.

If you have multiple connections to Internet service providers, you can use them in the following ways:

Failover of one connection so that when it is disconnected, traffic goes through other available connections.
Static aggregation of traffic between multiple connections. With it, some users of the local network will access the Internet through one provider, some through another.
Dynamic aggregation of traffic between multiple connections. With it, connections will switch alternately depending on the load, and sessions from all users will be evenly distributed between them.

Preparation

Create an additional connection to the Internet provider. The process of creating connections is described in the article on External Ethernet connection. Thus, the server must have at least two Internet connections.

To work with traffic in SafeUTM, it is important to consider two things: routing and NAT. This applies to both aggregation and failover.

Channel Redundancy

To set up redundancy, go to Services -> Channel Aggregation & Failover and select the Failover mode.

The priority of using connections is set by their order in the table, from top to bottom. The connection that is currently in use is marked with the tag In use.
To change the priority, you can use the corresponding controls (arrow icons).
If the Internet has become unavailable through the connection used, the system will switch to a higher priority one that has access to the Internet.

Access to the Internet via Specific Connection to Provider (Static Aggregation)

Such scheme of connection to several Internet service providers is often used in the following cases:

When some resources on the Internet are cheaper to visit through another Internet provider and traffic needs to be routed through it.
When it is necessary to grant access to the internal networks of one of the providers to certain users or groups of users.

To configure this connection scheme, follow these steps:

Example of a rule:

In this example, traffic directed to facebook.com from user Jane Smith will be directed through the connection to the provider's Local interface.

Load Aggregation Across Multiple Connections (Dynamic Aggregation)

To configure this connection scheme, follow these steps:

Go to Services -> Channel Aggregation & Failover.
Select the operating mode Channel Aggregation.

To evenly distribute sessions between connections, you must specify the value Bandwidth – the maximum Internet speed according to the tariffs of your providers. By default, the bandwidth is set to 100 Mbit/s. The server will automatically balance traffic depending on a load of connections.

You do not need to create routes or perform any other settings to balance traffic. Proxy server traffic will also be balanced automatically.

Network Interfaces

Configuring Local Ethernet

Configuring External Ethernet

Configuring PPTP Connection

Configuring L2TP Connection

Configuring PPPoE Connection

Connection via 3G and 4G

Proxy

Configuring Proxy with Single Interface

Exclude IP Addresses from Proxy Server Processing

Connecting to External ICAP Services

Branches and Head Office

Connecting Devices

Connecting users

PPTP VPN

Incoming Connection of Cisco IOS to SafeUTM via IPsec

Outgoing SafeUTM Connection to Cisco IOS via IPsec

Incoming pfSense connection to SafeUTM via IPsec

Outgoing pfSense Connection to SafeUTM via IPsec

Connecting Keenetic via SSTP

Connecting Kerio Control to SafeUTM via IPsec

Connecting Keenetic via IPsec

TLS Certificates

Uploading your SSL certificate to server

Channel Aggregation & Failover

Preparation

Channel Redundancy

Access to the Internet via Specific Connection to Provider (Static Aggregation)

Example of a rule:

Load Aggregation Across Multiple Connections (Dynamic Aggregation)