Dual ISP In Firewall

businessuer
businessuer Posts: 70  Ally Member
Current:
Assume that I have 2 WAN ports to 2 separate ISPs.
Traffic shaping is round robin.

What I want:
I want vlan 2,3 to go out via WAN port 1.
I want vlan 4 to go out via WAN port 2.

Question:
But if I only configure a PBR on vlan 4 to go out on WAN port 2.
There is no PBR for vlan 2 and 3.
Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?

Q2 For what I want, do I have to configure PBR for every vlan in that case? 

Q3 For PBR can I select outgoing interface instead of next hop ? 


Answers

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 813  Zyxel Employee

    Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
    It depends on your default wan trunk setting. It is at "Configuration > Network > Interface"

    Q2 For what I want, do I have to configure PBR for every vlan in that case? 
    Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.

    Q3 For PBR can I select outgoing interface instead of next hop ? 
    Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
    e.g. Create 2 customized wan trunks:
       Trunk A: Wan1 active, Wan2 passive.
       Trunk B: Wan1 passive, Wan2 active.
       Apply Trunk A in PBR for vlan2 and vlan3.
       Apply Trunk B in PBR for vlan 4.

  • Blabababa
    Blabababa Posts: 137  Ally Member
    Q1: should be round robin since there's no policy route on vlan2 and 3
    Q2: yes if you want to identify the outgoing wan separately
    Q3: Yes you can

  • businessuer
    businessuer Posts: 70  Ally Member

    Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
    It depends on your default wan trunk setting. it is at "Configuration > Network > Interface"

    Q2 For what I want, do I have to configure PBR for every vlan in that case? 
    Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.

    Q3 For PBR can I select outgoing interface instead of next hop ? 
    Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
    e.g. Create 2 customized wan trunks:
       Trunk A: Wan1 active, Wan2 passive.
       Trunk B: Wan1 passive, Wan2 active.
       Apply Trunk A in PBR for vlan2 and vlan3.
       Apply Trunk B in PBR for vlan 4.

    Hi,
    Why should I be using a trunk?
    The Wan link is a layer 3 interface. 

    Is there any way NOT to configure a PBR for every single vlan?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 813  Zyxel Employee
    Hi @businessuer,

    Since it comes from different source vlans, you need to create 2 policy routes for vlan2 and vlan3/Vlan4
  • businessuer
    businessuer Posts: 70  Ally Member
    Zyxel_Cooldia said:
    Hi @businessuer,

    Since it comes from different source vlans, you need to create 2 policy routes for vlan2 and vlan3/Vlan4

    Hi,

    That is what I don't understand.
    The WAN interface is layer 3 but previously you mentioned the trunk link.
    This is where I get confused.
    Please clarify.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 813  Zyxel Employee
    Hi @businessuer,
    It's not something like switch trunk/LACP.
    Wan trunk is a group of external interfaces for load balancing and failover in the gateway.
    The setting is at "CONFIGURATION > Network > Interface > Trunk"
    Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. You can add a customized wan trunk to define which interfaces need to be active or passive.

  • businessuer
    businessuer Posts: 70  Ally Member
    Hi @businessuer,
    It's not something like switch trunk/LACP.
    Wan trunk is a group of external interfaces for load balancing and failover in the gateway.
    The setting is at "CONFIGURATION > Network > Interface > Trunk"
    Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. You can add a customized wan trunk to define which interfaces need to be active or passive.

    Can you explain more about this wan trunk?
    I am using NCC to control the firewall so I am also not sure where these settings are.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 813  Zyxel Employee

    It does not support wan trunk for policy route at current design in NCC. 
  • businessuer
    businessuer Posts: 70  Ally Member

    It does not support wan trunk for policy route at current design in NCC. 
    Hi Zyxel,
    A few questions. 
    1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.

    Maybe you can give me a weblink to read.

    2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 813  Zyxel Employee
    Hi @businessuer,
    1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.
    As mentioned above, Wan trunk is a group of external interfaces for load balancing and failover in the gateway. It works on layer 3. This term in the firewall is not something like a switch trunk port.
    2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
    Yes, it only can create one to one mapping for vlan to wan.
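
Added example, not part of the thread and not Zyxel code: a simplified Python model of the egress choice discussed above, showing why VLANs without a PBR follow the default WAN trunk, how the Trunk A / Trunk B policy routes pin each VLAN, and what a passive member does when the active link fails. The class and function names, the per-session round-robin and the "passive is used only when no active member is up" rule are assumptions of this model; it covers the on-box trunk setup, not the NCC one-to-one mapping.

```python
# Simplified model (assumed semantics, not firmware logic): a policy route is
# matched on the source interface first; anything unmatched falls through to
# the default WAN trunk.
from itertools import count

class Trunk:
    def __init__(self, name, members):
        self.name = name
        self.members = members      # list of (wan, "active" | "passive")
        self._rr = count()          # round-robin counter, one step per session

    def pick(self, link_up):
        """Return the WAN for the next session, or None if every link is down."""
        active = [w for w, m in self.members if m == "active" and link_up[w]]
        passive = [w for w, m in self.members if m == "passive" and link_up[w]]
        pool = active or passive    # passive members only when no active one is up
        return pool[next(self._rr) % len(pool)] if pool else None

def egress(src_if, policy_routes, default_trunk, link_up):
    """Policy route for the source VLAN if one exists, else the default trunk."""
    return policy_routes.get(src_if, default_trunk).pick(link_up)

def demo():
    trunk_a = Trunk("TrunkA", [("wan1", "active"), ("wan2", "passive")])
    trunk_b = Trunk("TrunkB", [("wan1", "passive"), ("wan2", "active")])
    default = Trunk("Default", [("wan1", "active"), ("wan2", "active")])
    up = {"wan1": True, "wan2": True}

    only_vlan4 = {"vlan4": trunk_b}                                    # Q1 setup
    all_vlans = {"vlan2": trunk_a, "vlan3": trunk_a, "vlan4": trunk_b}  # Q2 setup

    return {
        # No PBR for vlan2: sessions alternate across the default trunk.
        "q1_vlan2": [egress("vlan2", only_vlan4, default, up) for _ in range(4)],
        # With a PBR per VLAN, each VLAN stays on its intended WAN.
        "vlan2_pinned": [egress("vlan2", all_vlans, default, up) for _ in range(4)],
        "vlan4_pinned": [egress("vlan4", all_vlans, default, up) for _ in range(4)],
        # WAN2 down: vlan4 fails over to the passive member of Trunk B.
        "vlan4_failover": egress("vlan4", all_vlans, default,
                                 {"wan1": True, "wan2": False}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

If a VLAN must never leave through the other ISP, the failover case is the one to check: a trunk with a passive member will still send that VLAN out the second link when the first is down.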
