In WRR Trunk Load Balancing, add "Bind all sessions from one IP" option on H series Zywall
Freshman Member
WRR distributes sessions among available WAN interfaces/lines.
However, this may have an adverse effect if multiple sessions from the SAME client are spread among WAN interfaces, effectively showing different IP addresses from the different interfaces. Some sites/apps/services require more than one session to be open, and the different origin of the connections trips some security alerts.
Some other manufacturers already have a "bind sessions from IP to interface": if checked, all sessions coming from one IP are bound to a single interface.
This reduces the effectiveness of the load distribution if there are just a few clients and only one of them opens a lot of sessions/transfers, but has a negligible impact on the distribution when there are more clients. At the same time, it solves the operatinal problems deriving from sessions "coming" from different WAN IPs
Comments
-
Wouldn't a routing rule works with wildcard FQDN like *.live.com?
So a top rule would look like.
Incoming LAN1
Destination address *.live.com
next hop WAN1So that when the client does DNS the routing rule uses a give WAN for IP's of *.live.com
or you can have a client given source IP to use I give WAN.
0 -
Hi @AndreaRP,
Thanks for sharing this idea. I have let our product team know this request and we will monitor this post, the comments and the votes, to evaluate this idea.
Zyxel Melen0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 102 Nebula Status and Incidents
- 5.8K Security
- 305 USG FLEX H Series
- 283 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 255 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.7K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 77 Security Highlight
