Error with Load Balance and Outlook

adnanz82 · May 20, 2025, 7:00am

i have 2 wan connection and 1 lan connection with load balancing. a small office with 40 computers,

i am facing 2 issues.

user face send and receiver error unable to connect on outlook, ( my email server is hosted on cloud ), and issue resolve if i restart the router, as even turning off all the firewall entry wont work. or i directly connect internet to pc's it works fine. outlook port are 25 and 465, 110
load balancing only work as failover if wan 1 goes down wan 2 start working automatically and get back to idle if wan 1 is up again.

may/20/2025 11:59:26 by RouterOS 6.49.16

software id = 60KX-MIKK

model = RB750Gr3

serial number = HGW0A35VTEY

/interface ethernet
set [ find default-name=ether1 ] name=ISP1
set [ find default-name=ether2 ] name=ISP2
set [ find default-name=ether5 ] name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool1 ranges=192.168.0.105-192.168.0.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.18.25/24 interface=ISP1 network=192.168.18.0
add address=192.168.98.20/24 interface=ISP2 network=192.168.98.0
add address=192.168.0.1/24 interface=LAN network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=facebook.com list=facebook.com
add address=fbcdn.net comment=facebook list=facebook.com
add address=m.facebook.com comment=facebook list=facebook.com
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address-list=facebook.com
add action=add-dst-to-address-list address-list=facebook.com
address-list-timeout=4d12h chain=forward comment=Facebook content=
.facebook.com src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=facebook.com
address-list-timeout=4d12h chain=forward content=.facebook.net src-address=
192.168.0.0/24
add action=add-dst-to-address-list address-list=facebook.com
address-list-timeout=4d12h chain=forward content=.fbcdn.net src-address=
192.168.0.0/24
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.18.0/24 in-interface=LAN
add action=accept chain=prerouting dst-address=192.168.98.0/24 in-interface=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ISP1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ISP2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN new-connection-mark=ISP1_conn
passthrough=no per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN new-connection-mark=ISP2_conn
passthrough=no per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=
LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=
LAN new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=
to_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=
to_ISP2 passthrough=no
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes
protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
add action=dst-nat chain=dstnat dst-address=192.168.18.1 dst-port=1155 protocol=
tcp to-addresses=192.168.0.231 to-ports=1155
/ip firewall raw
add action=add-dst-to-address-list address-list=tiktok address-list-timeout=
none-dynamic chain=prerouting content=tiktok in-interface=LAN protocol=tcp
add action=drop chain=prerouting dst-address-list=tiktok
add action=drop chain=prerouting dst-address-list=facebook.com
add action=add-dst-to-address-list address-list=facebook.com
address-list-timeout=none-dynamic chain=prerouting content=facebook
in-interface=LAN protocol=tcp
/ip route
add check-gateway=ping distance=1 gateway=192.168.18.1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.18.1 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.18.1
add check-gateway=ping distance=2 gateway=192.168.98.1
/system clock
set time-zone-name=Asia/Karachi

wiseroute · May 20, 2025, 9:01am

hello adnan,

user face send and receiver error unable to connect on outlook, ( my email server is hosted on cloud ), and issue resolve if i restart the router, as even turning off all the firewall entry wont work. or i directly connect internet to pc’s it works fine. outlook port are 25 and 465, 110

does it mean: if you restarted the router - the active interface goes back to isp1??

if yes - then you might do some check on your routing table and nat pre-emptive (to clear the sessions) when isp1 went down - your email user sessions still think they should go to isp1.

@anav have plenty dual internet working examples. check them out.

anav · May 20, 2025, 10:51am

Have you considered putting all mail traffic on wan2…