Firewall Backup Interface I-Note
Zyxel Employee
Firewall Backup Interface I-Note
Overview of the Update
In the latest update for USG FLEX and ATP firewalls, we have introduced a minor but important enhancement to the WAN load balancing feature. This update includes additional notes in the I-Note section of the WAN load balancing settings, providing users with crucial information about backup interface behavior.
WAN Load Balancing in Routing
WAN load balancing can be found under the routing settings of your firewall. This feature allows you to distribute traffic across multiple WAN interfaces to optimize bandwidth and ensure redundancy.
Typical WAN Load Balancing Setup
In a common setup, you might have:
- ISP 1: Primary active connection
- ISP 2: Secondary backup connection, often used with metered services
Use Case: Metered ISP Backup
A metered ISP charges based on the amount of data transferred. Typically, the backup interface (ISP 2) is used only when the primary interface (ISP 1) fails. This setup is designed to minimize costs by limiting traffic on the metered connection.
Important Note: Periodic Keep-Alive Packets
One critical issue we identified is that even when ISP 2 is set as a backup and not actively handling client traffic, the firewall still sends periodic keep-alive packets over this interface. These keep-alive packets ensure the backup connection is ready to take over if the primary connection fails.
Implications for Metered Connections
- Periodic Keep-Alive Traffic: Small amounts of data sent periodically to verify the backup connection’s availability.
- Cost Impact: While the data volume is minimal, it is not zero and can incur small charges from the metered ISP.
Enhancements in the I-Note
To address this, we have added specific notes in the I-Note section under WAN load balancing settings. These notes inform users about the periodic keep-alive traffic on backup interfaces, particularly relevant for those using metered ISPs.
Steps to Access the I-Note
- Navigate to Routing Settings: Go to the routing section on your firewall’s configuration interface.
- Select WAN Load Balancing: Click on WAN load balancing to view and adjust your settings.
- Review the I-Note: Locate the I-Note section for detailed information about backup interface behavior.
Recommendations for Users
- Monitor Usage: Be aware of the periodic keep-alive packets and monitor your metered ISP usage to avoid unexpected charges.
- Plan Accordingly: Consider these keep-alive packets when budgeting for metered ISP costs, even if the primary intention is to minimize traffic on the backup interface.
Conclusion
The updated I-Note in the WAN load balancing settings of USG FLEX and ATP firewalls provides essential information for users relying on metered ISPs for backup connections. By understanding the behavior of keep-alive packets, users can better manage their network costs and ensure their backup interfaces are configured to meet their needs effectively.
Categories
- All Categories
- 413 Beta Program
- 2.3K Nebula
- 192 Nebula Ideas
- 87 Nebula Status and Incidents
- 5.3K Security
- 142 USG FLEX H Series
- 253 Security Ideas
- 1.3K Switch
- 75 Switch Ideas
- 993 Wireless
- 51 Wireless Ideas
- 6.1K Consumer Product
- 231 Service & License
- 362 News and Release
- 74 Security Advisories
- 23 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 101 About Community
- 67 Security Highlight