OPT interface used for primary external interface often get override by WAN interface
Freshman Member
One is configured to use the WAN1 interface, the second is configured to use WAN2 interface, and the third one use the OPT interface.
Actually we always want to use the OPT interface for all incoming and outgoing traffic, aka our external IP must be the one provided by the third ISP.
To obtain this behavior we initially applied the following configuration under Configuration > Network > Interface > Trunk : we added a "User configuration" that defined the primary interface using the Weighted round robin algorithm.
This actually work most of the time, but at every firewall reboot the firewall start to use WAN1 as the default external interface, and lately the system started to suddenly switch from OPT to WAN1 very often and randomly.
There is some known bug on the firewall feature "default Trunk", or we miss configured something, or maybee the reason is the fact/nature of OPT interface itself to cause the unexpected switch (it's purpose is generic and can be used either as an internal or an internal interface) ?
Many thanks for the attention and for the help eventually
Best regards
All Replies
-
What happens if you make a top routeing rule with:
incoming = interface
member = LAN1
next hop
type = interface
interface = OPT
1 -
Thank you for the suggestion, I'm trying to understand if I'm looking at the correct configuration,
I go under Configuration > Network > Routing (tab) > Add (button)
But the config parameters are different than the one you listed
0 -
Your on the right settings
where “incoming” is select “interface” this adds a member box select LAN1 or to have any LAN leave incoming as any.
Under next-hop for “type” select Interface then under that their by interface select OPT
At the bottom with show advanced check enable connectivity check and check this address to like 8.8.8.8 or your ISP WAN gateway. This allow for the rule to disable so other WAN gateways on WAN1 can be used when ping fails on OPT.
1 -
Hi @phphil
You may consider Spillover of Trunk.
First, navigate Network > Interface > Ethernet > edit WAN1, WAN2, OPT bandwidth e.q. their bandwidth is 1Gbps.
Second, navigate Network > Interface > Trunk > Add a Spillover configuration and move your OPT port to the highest position.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
I've noticed later on, that all the VPN tunnels won't work anymore after adding the Routing rule. The rule work perfectly for fixing the main issue, but it interfere with the VPN connections.
The VPN connections are configured to use the OPT interface already, so I don't really see why the tunnel goes down as soon as I enable the routing rule.
I've already tried to tweak the rule changing the incoming interface, avoiding use the "Any (Excluding Zywall)", but using specific LAN interface (we have 3 LANs i've created 3 separate routing rules). But this won't work neither, Site to site vpn tunnels goes down.
Any idea what could cause this?0 -
Is this with the newest firmware?
do the tunnels nailed-up your side?
Do you only have one WAN IP to the OPT?
Seems like a bug I can't see why that routing rule would cause that.
What you could try for the routing rule is set “source address” for your LAN subnet.
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
