More improvements to DDNS Backup Address

PeterUK
PeterUK Posts: 3,645  Guru Member
100 Answers 2500 Comments Friend Collector Seventh Anniversary
edited March 4 in Security Ideas

FLEX H models

In some cases ARP to gateway may not fail causing DDNS not to failover to backup so if DDNS tries the Primary Address (plus Checking Public IP URL) and does not reply it should use Backup Address.

DDNS uses whats listed in Trunk and does not use the Backup Address causing the IP to not update at DDNS end example Trunk with just VLAN443 with DDNS Backup Address VLAN31 will not use VLAN31 to send DDNS traffic out that interface same with Primary Address.

1
Up Down
1 votes

Active · Last Updated

Comments

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,993  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @PeterUK,

    We appreciate your input. Our product team will monitor the comments and votes on this idea for evaluation.

    If anyone likes this idea, please feel free to leave your comment and give it a vote.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,993  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @PeterUK,

    After checking with our team, the USGFLEX H firewall uses the backup interface when the primary link is disabled, link down, or connectivity check fails.

    Also, our team wants to know "why you want to switch to secondary interface when primary interface ARP is not failed?" Could you share the reason with us?

    Zyxel Melen


  • PeterUK
    PeterUK Posts: 3,645  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 13

    In my case I do not have a second ISP that allow inbound but I'm sure some do and it was just to insure the secondary interface happens but you say if connectivity check fails which I did not test so I guess that would work.

    The reason "why you want to switch to secondary interface when primary interface ARP is not failed?" is that in rare times my main ISP has no internet but there WAN gateway is up meaning DDNS send TCP to update on primary interface and will not fail so the idea is if DDNS TCP update fails to connect to the DDNS server it would switch to secondary interface. Its also the case that some ISP don't give you the WAN IP in which case router ARP stays up.

    Of course this would not work for DDNS set to Interface or auto? and only for Public IP where it check what IP your on but if Interface or auto can send a TCP SYN every 5 Minutes should Interface or auto IP by DHCP not change but you fail to get a TCP SYN, ACK then it would swich to secondary interface.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)