Dual ISP In Firewall
businessuer
Posts: 134 Ally Member
in Security
Current:
Assume that I have 2 WAN ports to 2 separate ISPs.
Traffic shaping is round robin.
What I want:
I want vlan 2,3 to go out via WAN port 1.
I want vlan 4 to go out via WAN port 2.
Question:
But if I only configure a PBR on vlan 4 to go out on WAN port 2.
There is no PBR for vlan 2 and 3.
Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
Q2 For what I want, do I have to configure PBR for every vlan in that case?
Q3 For PBR can I select outgoing interface instead of next hop ?
All Replies
Hi @businessuser,
Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
It depends on your default wan trunk setting. It is at "Configuration > Network > Interface".
Q2 For what I want, do I have to configure PBR for every vlan in that case?
Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.
Q3 For PBR can I select outgoing interface instead of next hop ?
Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
e.g. Create 2 customize wan trunk;
Trunk A: Wan1 active , Wan2 Passive.
Trunk B: Wan1 passive , Wan2 active.
Apply Trunk A in PBR for vlan2 and vlan3.
Apply Trunk B in PBR for vlan 4
Q1: should be round robin since there's no policy route on vlan2 and 3
Q2: yes if you want to identify the outgoing wan separately
Q3: Yes you can
Zyxel_Cooldia said:
Hi @businessuser,
Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
It depends on your default wan trunk setting. It is at "Configuration > Network > Interface".
Q2 For what I want, do I have to configure PBR for every vlan in that case?
Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.
Q3 For PBR can I select outgoing interface instead of next hop ?
Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
e.g. Create 2 customize wan trunk;
Trunk A: Wan1 active , Wan2 Passive.
Trunk B: Wan1 passive , Wan2 active.
Apply Trunk A in PBR for vlan2 and vlan3.
Apply Trunk B in PBR for vlan 4
Why should I be using a trunk?
The Wan link is a layer 3 interface.
Is there any way NOT to configure a PBR for every single vlan?
Hi @businessuer,
Since it comes from different source vlan, you need to create 2 policy route for vlan2 and vlan3/Vlan4
Zyxel_Cooldia said:
Hi @businessuer,
Since it comes from different source vlan, you need to create 2 policy route for vlan2 and vlan3/Vlan4
That is what I don't understand.
The WAN interface is layer 3 but previously you mentioned the trunk link.
This is where I get confused.
Pls clarify.
Hi @businessuer,
It's not something like switch trunk/LACP.
Wan trunk is a group of external interface for Load balance and failover in gateway.
The setting is at "CONFIGURATION > Network > Interface > Trunk"
Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. You can add a customize wan trunk to define which interface need be active or passive interface.
Wan trunk
Zyxel_Cooldia said:
Hi @businessuer,
It's not something like switch trunk/LACP.
Wan trunk is a group of external interface for Load balance and failover in gateway.
The setting is at "CONFIGURATION > Network > Interface > Trunk"
Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. You can add a customize wan trunk to define which interface need be active or passive interface.
Wan trunk
I am using NCC to control the firewall so I also am not sure where these settings are.
Hi @businessuer,
It does not support wan trunk for policy route at current design in NCC.
I transfer this to idea section for evaluation.
Ideas:
https://community.zyxel.com/en/discussion/11879/customized-wan-trunk-for-policy-route-in-ncc#latest
Zyxel_Cooldia said:
Hi @businessuer,
It does not support wan trunk for policy route at current design in NCC.
I transfer this to idea section for evaluation.
Ideas:
https://community.zyxel.com/en/discussion/11879/customized-wan-trunk-for-policy-route-in-ncc#latest
A few questions.
1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.
Maybe you can give me a weblink to read.
2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
Hi @businessuer,
1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.
As mentioned above, Wan trunk is a group of external interface for Load balance and failover in gateway. It works on layer 3. This term in firewall is not something like switch trunk port.
2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
Yes, it only can create one to one mapping for vlan to wan.
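
A simplified model of the egress selection discussed in this thread (policy routes per source VLAN pointing at WAN trunks, with a round-robin default trunk), added here as an example; it is not Zyxel's code or configuration syntax. The class and function names are hypothetical, and it assumes a passive trunk member carries traffic only when no active member is up.

```python
from itertools import count


class Trunk:
    """A WAN trunk: a layer 3 group of WAN interfaces, each active or passive."""

    def __init__(self, name, members):
        self.name = name
        self.members = members      # e.g. {"wan1": "active", "wan2": "passive"}
        self._rr = count()          # round-robin counter for new sessions

    def pick(self, link_up):
        # Assumption: passive members are used only if every active member is down.
        for mode in ("active", "passive"):
            usable = [i for i, m in self.members.items()
                      if m == mode and link_up[i]]
            if usable:
                return usable[next(self._rr) % len(usable)]
        return None                 # every member of the trunk is down


def egress(src_vlan, policy_routes, default_trunk, link_up):
    """Return the WAN interface chosen for a new session from src_vlan."""
    # A VLAN without a matching policy route falls through to the default trunk.
    trunk = policy_routes.get(src_vlan, default_trunk)
    return trunk.pick(link_up)


# Constructed configuration mirroring the thread's Trunk A / Trunk B suggestion.
TRUNK_A = Trunk("Trunk A", {"wan1": "active", "wan2": "passive"})
TRUNK_B = Trunk("Trunk B", {"wan1": "passive", "wan2": "active"})
DEFAULT = Trunk("default", {"wan1": "active", "wan2": "active"})
PBR_ALL = {2: TRUNK_A, 3: TRUNK_A, 4: TRUNK_B}   # one policy route per VLAN
PBR_VLAN4_ONLY = {4: TRUNK_B}                    # the setup asked about in Q1

if __name__ == "__main__":
    both_up = {"wan1": True, "wan2": True}
    wan2_down = {"wan1": True, "wan2": False}
    for vlan in (2, 3, 4):
        print("all PBRs, vlan", vlan, "->", egress(vlan, PBR_ALL, DEFAULT, both_up))
    for _ in range(4):
        print("vlan4-only PBR, vlan 2 ->",
              egress(2, PBR_VLAN4_ONLY, DEFAULT, both_up))
    print("wan2 down, vlan 4 ->", egress(4, PBR_ALL, DEFAULT, wan2_down))
```

In this model, VLAN 4 sessions leave via wan1 when wan2 is down, so trunk-based policy routes trade strict per-VLAN egress separation for failover.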