Network Probe To WAN IPs For Backup Default Route

bfdonn

Hello,

We are trying to set up some back up routes for when our WAN fails. We have a layer 2 fiber connection between our sites and the SonicWALLs can reach each other over a LAN interface. The logic is, when WAN goes down, a routing policy will enable to route traffic through the main site and vice versa. The traffic would be routed over a LAN interface so we cannot use WAN failover and load balancing.

This actually works fine from the satellite site with only one WAN connection. There is a routing policy set to be disabled when a static probe succeeds. When that fails, a higher admin distance default route enables and traffic flows through the HQ. Works fine. The reason the probe is needed as even when WAN is in failover the default route with Admin Distance:20 appears to stays in the routing table so we need the backup route to have a lower admin distance.

From the HQ we have two WAN connections so an explicit Ping probe won't work as the probe needs to check both WAN interfaces are down and you must chose an outbound interface with explicit probes. In theory we could just do a probe that pings the WAN IPs but a probe to any WAN IP gets 0 responses. The firewall itself can successfully ping those IPs as ping is allowed on the network interface.

Is there a way to ping WAN interface IPs with network probes like the attached? Is there a better way to achieve our ends of routing to another SonicWALL behind a LAN interface when WAN fails?

wan_probe.pdf

Arkwright

"All WAN IPs" refers to the firewalls own WAN interface IPs. I am not sure that probing on this could ever be of any use to you.

My suggestion would be to move the L2 fibre connection outside of the firewalls so you can use the WAN F&LB logic to accomplish this.