Failover internet between two Sonicwall 2650's
I'm doing some tests with Sonicwall 2650's at two sites a mile apart from each other. Each Sonicwall has a WAN interface going to their own fiber internet connection, a LAN interface going to the LAN, and a LAN interface going to each Ubiquiti AirFiber antenna which connects the two sites. What I'd like to do is if internet goes down at one location, the LAN hosts are then routed through to the opposite side's internet connection.
I'm looking at the failover section, and I like the features and load balancing, but is using this feature feasible even though I have to point it to a LAN interface (the antenna), since it wants a WAN interface? Or should I strictly be using routing policies to set this up?
Best Answers
-
BWC Cybersecurity Overlord ✭✭✭
@Frodo_Baggins IMHO you should strictly use WAN Interfaces, just use a dedicated Interface on your NSa 2650 and attach the AirFibers to it, assign this Interface to WAN zone and you're good to go.
Having the bridge on your LAN IMHO is just complicating things.
If you're doing multiple VLANs over the bridge I might reconsider my opinion. :)
--Michael@BWC
1 -
BWC Cybersecurity Overlord ✭✭✭
@Frodo_Baggins ok ok, I was so focussed on this two-location situation that I did not realize that you just wanna share your internet connection from the other side via AirFiber if one side fails.
If the AirFiber is exclusively used for this purpose I guess I would go the route mentioned above. You need to do the following steps on each side:
- create an AirFiber Zone of type public
- attach this Zone to an Interface which is used for the transfer
- use a transfer network between the locations, e.g. 192.168.255.0, host .1 on the left, and .2 on the right
- create a default route on each side with a higher metric than the existing default route pointing to the other side as gw
- create access rules allowing traffic from LAN to AirFiber and from AirFiber to WAN
- create a NAT rule which hides your LAN to the interface IP of your AirFiber interface
I guess that should be it. That's for client traffic only; if you need to publish ports to the internet you have to put some more salt into it.
--Michael@BWC
1
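The steps in the answer above, traced as an added example that is not part of BWC's post or any SonicWall tooling: a small Python model of the two default routes, the two access rules and the hide NAT, showing why the NAT rule matters for return traffic. Only the 192.168.255.0 transfer network with .1 and .2 comes from the post; the metrics, WAN addresses, LAN host and the assumption that the primary default route is withdrawn when the local WAN is down are constructed.

```python
import ipaddress

# Constructed model: only the 192.168.255.0 transfer net (.1 left, .2 right)
# comes from the post; metrics, WAN IPs and the LAN host are made up.
TRANSFER = ipaddress.ip_network("192.168.255.0/24")

class Firewall:
    def __init__(self, name, airfiber_ip, wan_ip):
        self.name = name
        self.airfiber_ip = ipaddress.ip_address(airfiber_ip)
        self.wan_ip = ipaddress.ip_address(wan_ip)
        self.wan_up = True      # assumption: primary route is withdrawn when False
        self.hide_nat = True    # the LAN -> AirFiber interface IP NAT rule
        # (metric, egress zone): existing default route plus the backup one
        self.default_routes = [(10, "WAN"), (20, "AIRFIBER")]
        # access rules from the steps, as (from zone, to zone)
        self.allow = {("LAN", "WAN"), ("LAN", "AIRFIBER"), ("AIRFIBER", "WAN")}

def egress(fw, in_zone, src):
    """Pick the lowest-metric usable default route, then apply rules and NAT."""
    usable = [r for r in sorted(fw.default_routes) if r[1] != "WAN" or fw.wan_up]
    zone = usable[0][1]
    if (in_zone, zone) not in fw.allow:
        raise PermissionError(f"{fw.name}: no rule {in_zone} -> {zone}")
    if zone == "WAN":
        return zone, fw.wan_ip                      # normal outbound NAT
    return zone, fw.airfiber_ip if fw.hide_nat else src

def path(src, local, remote):
    """Trace an outbound client connection; return the hops it takes."""
    zone, seen = egress(local, "LAN", ipaddress.ip_address(src))
    hops = [f"{local.name}:{zone} as {seen}"]
    if zone == "AIRFIBER":
        # The far side only has a connected route for the transfer network.
        if seen not in TRANSFER:
            raise LookupError(f"{remote.name} has no return route to {seen}")
        zone, seen = egress(remote, "AIRFIBER", seen)
        hops.append(f"{remote.name}:{zone} as {seen}")
    return hops

if __name__ == "__main__":
    left = Firewall("left", "192.168.255.1", "203.0.113.10")
    right = Firewall("right", "192.168.255.2", "198.51.100.10")
    print(path("10.1.0.50", left, right))   # local WAN in use
    left.wan_up = False
    print(path("10.1.0.50", left, right))   # failed over across the AirFiber
```

With both WAN links down the model raises `PermissionError`, because no rule allows AirFiber to AirFiber, so traffic is dropped instead of bouncing between the sites.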
Answers
Thanks for the reply. So, basically I'm creating a WAN interface with the parent interface being the one connected to the AirFiber going to the other site. I'm then configuring this interface with the same IP info of that AirFiber and making the gateway the Sonicwall on that side? (I realize I might be totally off here)
@Frodo_Baggins ok, I'll try to give a little bit more thought to this.
I'm assuming you're running a VPN Tunnel Interface between your two locations via the fiber internet connection? If this is your primary connection between these two, you should create a route for this with a Metric of 1. If the route gets disabled when the Interface is not up, it automatically switches to the next.
Then forget what I wrote about the WAN and AirFiber and use a Zone of your liking (I would call it AirFiber or something similar) and attach it to an Interface, where you create a transfer network for the AirFiber bridge. Add an additional route for the remote network reachable via the remote AirFiber.
You have to do this on both ends.
In the end the traffic is flowing via VPN, and if the tunnel goes down it automatically falls back to the AirFiber.
I hope this is your goal?
--Michael@BWC
So, each site has fiber internet going out, but there is no VPN tunnel between the two. The AirFibers just form a p2p link between the two sites via line of sight.
@BWC
Thanks, this is great. I really appreciate all the detailed info.