Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Help to configure redundancy

Hello,

I would like to set up redundancy on my MPLS line. To do this, I need to configure my SonicWall.

I have a backup line and a main line. The main line is always up, and the backup line is down until the main line is down.

I tried to do the configuration with port redundancy, but unfortunately it doesn't work as we'd like, as the link to the switch is always up.

So I tried the other possibility with LAG but as it does round-robin then, there are packets that are lost.

What can I do to achieve what I want ? Or is there any other way to do what I want?.

Thank you in advance for your help.

network diagram : https://ibb.co/LJg7Hbq

Category: Mid Range Firewalls
Reply

Answers

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hello @Angel


    I think you have asked on the reddit same question. I wrote a simple and basic explanation. You should create Network monitor probe on the interface and check mpls remote site ip via ping or tcp destinations.




  • AngelAngel Newbie ✭

    Hello,

    Thank you for your reply.

    yes indeed, it's to get more opinions.

    Unfortunately, I can't assign the same ip for two interfaces as with HSRP in cisco.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    If there is an HRSP "community" that represents 172.16.10.6 then why do you think you need to use four Sonicwall interfaces for this one network?

    Forget about X13. Set gateway to 172.16.10.6 on X12. Whichever of FW-A or FW-B is active will route traffic to it. Whichever of 200M router or 10G router is active will handle it. The Sonicwall HA and the Cisco HSRP are analogous here.

    The above seems straightforward, so presumably there is some subtlety here that is eluding me.

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    could you draw network schema with ip segments and port connections?

    we need more information.

  • AngelAngel Newbie ✭
    edited December 2023

    Hello @MitatOnge,


    Thank you for your answers.


    Here is the network diagram with the information you requested. In red, this is the interface I'm trying to configure with the same IP address, but can't, and I can't use an address from the same subnet either.


    Best regards



  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hello ,

    Thank you for information.

    I am curious. I think you are using NSA series Sonicwall and on this model Lag has different load balance types like below screenshot.. did you try them? I you cannot change the mpls interface zone as WAN, I don't see another options.



  • AngelAngel Newbie ✭

    Hello,


    thank you for your reply.


    I didn't try the lag from the switching > link aggregation section but from the interface directly, as indicated in the documentation. "The firewall uses a round-robin algorithm for load balancing traffic across the interfaces in a Link Aggregation Group." So, as the backup line is down, some packets are lost.


    Best regards

  • prestonpreston Enthusiast ✭✭
    edited December 2023

    Hi Angel, the LAG is probably the best way to go but as you are using HA you will need to enable the below in the HA Advanced Settings Page otherwise if one of the LAG Interfaces goes down it will Failover the SonicWall devices which is not what you want


  • AngelAngel Newbie ✭

    Hello,

    Thank you for your reply, yes, but it doesn't solve the problem that lag makes roundrobin.

    Best regards

Sign In or Register to comment.