Flex200 - maybe routing policy limitation?

GiuseppeR
GiuseppeR Posts: 286  Master Member
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector
edited November 12 in Nebula

Hello everyone,

I need to split my LAN, routing its traffic to WAN1 and WAN2.

Considering public IP (WAN1) and speed (WAN2).

So I have LAN_IP1 to go on the internet via WAN1, while the rest of LAN1 via WAN2.

WAN1 is only for a specific IP assigned to a server (and for emergency internet backup).

So I set the active rule to have LAN_IP1 via Next-Hop WAN1:

immagine.png

Telling the firewall that WAN1 is the backup interface I have all the LAN1 going to internet via WAN2 until WAN2 is down and when WAN2 is down LAN1 goes on the internet with backup interface (WAN1).

The problem is when WAN1 is down, because the LAN_IP1 will go offline too: it is a server and if WAN1 is down it would be not reachable remotely in any way.

Is there a way to tell the firewall that LAN_IP1 has to go online "preferably" with WAN1 and ONLY if WAN1 is down to go via WAN2?

I have similar issues with another Company where I have WAN1, WAN2, WAN3:

immagine.png

As you can see I can tell the firewall to route specific items via WAN1 or WAN2, while WAN3 is a backup, but when WAN3 is working I have those 2 rules offline.

It could be a problem becuase one of those rules are related to a VLAN for VoIP phones, so having only WAN3 (poor LTE performance compared to fiber WAN2) could give zero phone availability

All Replies

  • PeterUK
    PeterUK Posts: 3,385  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    So with rule LAN_IP1 via WAN1 you set a interface ping check on that rule when ping check fails it will go to the next rule

  • GiuseppeR
    GiuseppeR Posts: 286  Master Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

    LAN_IP1 to WAN1 is needed because I need to open a specific port on a specific IP for external service that has to be reachable from internet

  • PeterUK
    PeterUK Posts: 3,385  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    But did you want LAN_IP1 to use WAN2 when WAN1 is down?

  • GiuseppeR
    GiuseppeR Posts: 286  Master Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

    Yes @PeterUK

    because LAN_IP1 is remotely managed so it is useful to route it via WAN1 to let users have daily access to some open ports from WAN area but if WAN1 is down you cannot either remote manage that old server.

    Making the rule LAN_IP1 to use WAN1 preferably would be better so LAN_IP1 uses WAN1 if WAN1 is UP otherwise LAN_IP1 goes via WAN2 at least being reachable for remote management.

    It seems strange to me that you cannot tell the firewall to route LAN_IP1 via Next-Hop WAN1 if WAN1 is UP then to route it via WAN2 as a backup interface if WAN1 is DOWN. It is the same idea that let you use another WAN if the main one is down.

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)