ZyWall 310 WAN failover with HSRP?

SMarkG Posts: 14
First Anniversary Friend Collector First Comment
edited May 2021 in Security

I currently have single WAN circuit (100 Mbps leased line) and a ZyWall 310. I am in the process of replacing that single 100 Mbps circuit with a pair of 1Gbps circuits which are configured as a failover pair using HSRP. If the primary fails then the secondary (which is usually inactive) will take over and HSRP will present the secondary with the same IP details as the primary to our ZyWall.

I will therefore need to connect both the primary and secondary routers to the ZyWall and configure it to failover from the one to the other automatically.

I have read several posts on the subject of WAN failover and watched the videos on configuring it using Policy Routes or Trunks. However, both seem to assume that the two WAN circuits are separate circuits with different IP addresses and are both continuously live. In my case though, I will have two circuits but the secondary will be inactive unless the primary fails. If that happens the secondary will take on the same IP address as the primary via HSRP and all my public IP addresses will be automatically migrated onto it.

I can't figure out how I can accommodate that on the ZyWall though. I presume I can't configure a second WAN port with the same IP address the first so how can I have the two physically connected to the ZyWall?

Can this situation be accommodated directly on the ZyWall or will I need to connect a switch between the routers and my firewall?


Accepted Solution

All Replies

Security Highlight