USG 210 - weird behaviour during WAN failover

the_maxtor
the_maxtor Posts: 3
Friend Collector
in Security
Hi community, this is my first post here.
I'm playing with a Zyxel USG 210, I'm trying to configure properly the WAN failover feature.
We have 2 WAN connection, WAN1 is pure ethernet with static IP, WAN2 is a PPPoE connection over VLAN 100, which parent's interface is WAN2. Connectivity check is also enabled on both WAN1 and PPPoE interfaces and the IP address to ping is 1.1.1.1

Default Trunk is a custom spillover Trunk, with PPPoE interface set as active and WAN1 as passive. 

We also configured 2 policy routes, for outbound connection for LAN clients. The first policy route said that traffic from LAN1 interface to any other destination should use PPPoE interface and the second policy route said that traffic from LAN1 interface to any other destination should use WAN1 interface.

When we completed the configuration we wanted to test the failover, in order to be sure it works properly. 
Scenario1: We remove cable from WAN2 (the internet connection we use as primary), no issue whatsoever, the firewall failover to WAN1 correctly
Scenario2: We remove cable from WAN1 (the secondary internet connection) the clients are not able to reach the internet anymore. Traceroute from clients stops at 1st hop (the firewall), PPPoE connection is still up, but for some reason the firewall removes both default routes for WAN1 and WAN2/PPPoE, even if it should remove only the default route of the disconnected interface: WAN1 . If we disconnect and connect again the PPPoE interface then the firewall add the default route for WAN2/PPPoE and everything starts working again. Why is that? Did anyone have this same issue?


All Replies

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)