Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

Help to configure redundancy

AngelAngel Newbie ✭
in Mid Range Firewalls

Hello,

I would like to set up redundancy on my MPLS line. To do this, I need to configure my SonicWall.

I have a backup line and a main line. The main line is always up, and the backup line is down until the main line is down.

I tried to do the configuration with port redundancy, but unfortunately it doesn't work as we'd like, as the link to the switch is always up.

So I tried the other possibility with LAG but as it does round-robin then, there are packets that are lost.

What can I do to achieve what I want ? Or is there any other way to do what I want?.

Thank you in advance for your help.

network diagram : https://ibb.co/LJg7Hbq

Category: Mid Range Firewalls
Reply

Answers

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hello @Angel


    I think you have asked on the reddit same question. I wrote a simple and basic explanation. You should create Network monitor probe on the interface and check mpls remote site ip via ping or tcp destinations.



    https://www.sonicwall.com/support/knowledge-base/configuring-network-monitor-policies-to-monitor-a-network-path-viability/170503311470747/


  • Options
    AngelAngel Newbie ✭

    Hello,

    Thank you for your reply.

    yes indeed, it's to get more opinions.

    Unfortunately, I can't assign the same ip for two interfaces as with HSRP in cisco.

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    If there is an HRSP "community" that represents 172.16.10.6 then why do you think you need to use four Sonicwall interfaces for this one network?

    Forget about X13. Set gateway to 172.16.10.6 on X12. Whichever of FW-A or FW-B is active will route traffic to it. Whichever of 200M router or 10G router is active will handle it. The Sonicwall HA and the Cisco HSRP are analogous here.

    The above seems straightforward, so presumably there is some subtlety here that is eluding me.

  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    could you draw network schema with ip segments and port connections?

    we need more information.

  • Options
    AngelAngel Newbie ✭
    edited December 2023

    Hello @MitatOnge,


    Thank you for your answers.


    Here is the network diagram with the information you requested. In red, this is the interface I'm trying to configure with the same IP address, but can't, and I can't use an address from the same subnet either.


    Best regards


    schemaSonicwall.PNG


  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hello ,

    Thank you for information.

    I am curious. I think you are using NSA series Sonicwall and on this model Lag has different load balance types like below screenshot.. did you try them? I you cannot change the mpls interface zone as WAN, I don't see another options.


    Screen Shot 2023-12-01 at 16.41.54.png


  • Options
    AngelAngel Newbie ✭

    Hello,


    thank you for your reply.


    I didn't try the lag from the switching > link aggregation section but from the interface directly, as indicated in the documentation. "The firewall uses a round-robin algorithm for load balancing traffic across the interfaces in a Link Aggregation Group." So, as the backup line is down, some packets are lost.


    Best regards

  • Options
    prestonpreston Enthusiast ✭✭
    edited December 2023

    Hi Angel, the LAG is probably the best way to go but as you are using HA you will need to enable the below in the HA Advanced Settings Page otherwise if one of the LAG Interfaces goes down it will Failover the SonicWall devices which is not what you want

    image.png


  • Options
    AngelAngel Newbie ✭

    Hello,

    Thank you for your reply, yes, but it doesn't solve the problem that lag makes roundrobin.

    Best regards

Sign In or Register to comment.