Dual ISP In Firewall

businessuer
businessuer Posts: 134  Ally Member
First Anniversary Friend Collector First Comment
Current:
Assume that I have 2 wan port to 2 separate isp.
Traffic shaping is round robin.

What I want:
I want vlan 2,3 to go out via WAN port 1.
I want vlan 4 to go out via WAN port 2.

Question:
But If I only configure a PBR on vlan 4 to go out on WAN port 2.
There is no PBR for vlan 2 and 3.
Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?

Q2 For what I want, do I have to configure PBR for every vlan in that case? 

Q3 For PBR can I select outgoing interface instead of next hop ? 

«1

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
    It depends on your default wan trunk setting. it is at "Configuration > Network > Interface"

    Q2 For what I want, do I have to configure PBR for every vlan in that case? 
    Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.

    Q3 For PBR can I select outgoing interface instead of next hop ? 
    Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
    e.g. Create 2 customize wan trunk;
       Trunk A: Wan1 active , Wan2 Passive. 
       Trunk B: Wan1 passive , Wan2 active.
       Apply Trunk A in PBR for vlan2 and vlan3.
       Apply Trunk B in PBR fro vlan 4

  • Blabababa
    Blabababa Posts: 151  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Q1: should be round robin since there's no policy route on vlan2 and 3
    Q2: yes if you want to identify the outgoing wan separately
    Q3: Yes you can

  • businessuer
    businessuer Posts: 134  Ally Member
    First Anniversary Friend Collector First Comment

    Q1 Will vlan 2 and 3 be round robin or it will go out WAN 1 automatically?
    It depends on your default wan trunk setting. it is at "Configuration > Network > Interface"

    Q2 For what I want, do I have to configure PBR for every vlan in that case? 
    Based on your requirement, you need to create 2nd PBR for every vlan assume your default wan trunk setting both wan trunk are active.

    Q3 For PBR can I select outgoing interface instead of next hop ? 
    Based on your requirement, we would suggest to use trunk as next hop for each vlan interface.
    e.g. Create 2 customize wan trunk;
       Trunk A: Wan1 active , Wan2 Passive. 
       Trunk B: Wan1 passive , Wan2 active.
       Apply Trunk A in PBR for vlan2 and vlan3.
       Apply Trunk B in PBR fro vlan 4

    Hi,
    Why should I be using a trunk?
    The Wan link is a layer 3 interface. 

    Is there any way NOT to configure a PBR for every single vlan?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @businessuer,

    Since it come from different source vlan, you need to create 2 policy route for vlan2 and vlan3/Vlan4
  • businessuer
    businessuer Posts: 134  Ally Member
    First Anniversary Friend Collector First Comment
    Hi @businessuer,

    Since it come from different source vlan, you need to create 2 policy route for vlan2 and vlan3/Zyxel_Cooldia said:
    Hi @businessuer,

    Since it come from different source vlan, you need to create 2 policy route for vlan2 and vlan3/Vlan4
    Hi,

    That is what I dont understand.
    The WAN interface is layer 3 but previously you mentioned the trunk link.
    This is where i get confused.
    Pls clarify. 
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @businessuer,
    It's not something like switch trunk/LACP.
    Wan trunk is a group of external interface for Load balance and failover in gateway.
    The setting is at "CONFIGURATION  > Network > Interface > Trunk"
    Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. you can add a customize wan trunk to define which interface need be active or passive interface. 
    Wan trunk

  • businessuer
    businessuer Posts: 134  Ally Member
    First Anniversary Friend Collector First Comment
    Hi @businessuer,
    It's not something like switch trunk/LACP.
    Wan trunk is a group of external interface for Load balance and failover in gateway.
    The setting is at "CONFIGURATION  > Network > Interface > Trunk"
    Use trunks for WAN traffic load balancing to increase overall network throughput and reliability. Load balancing divides traffic loads between multiple interfaces. you can add a customize wan trunk to define which interface need be active or passive interface. 
    Wan trunk

    Can you explain more about this wan trunk?
    I am using NCC to control the firewall so I also am not sure where this settings are.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    It does not support wan trunk for policy route at current design in NCC. 
  • businessuer
    businessuer Posts: 134  Ally Member
    First Anniversary Friend Collector First Comment

    It does not support wan trunk for policy route at current design in NCC. 
    Hi Zyxel,
    A few questions. 
    1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.

    Maybe you can give me a weblink to read.

    2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @businessuer,
    1) Can you explain more about this customised wan trunk? In basic networking theory, a trunk is a layer 2 passing vlan but a wan is a layer 3 interface.
    As mentioned above, Wan trunk is a group of external interface for Load balance and failover in gateway. it works on layer 3. This term in firewall is not something like switch trunk port. 
    2) In the current scenario since I cannot use your customised wan link, that means I have to create a PBR for every single vlan right?
    Yes, it only can create one to one mapping for vlan to wan.

Security Highlight