TZ270 Set Up to run 2nd web server with current configurations settings from main server
Hopefully I'm asking this question correctly as I am a newbie .
We currently have a TZ270 that has 2 web servers running on it and want to add the second server as a backup to the main production server.
We need to configure the second server in the LAN zone to run the same sites from the main server using all of the main server configurations with port forwarding WAN to LAN.
Can this be done without conflict between main and secondary?
If so, can I just clone all of the objects setups from the main server with Port forwarding and and just change the LAN IP to the (2 server) without it conflicting with the main server current port forwarding setup?
Also is there a way to turn these rules on/off as needed to the 2 server if this setup is possible in the 7os?
Main server is connected direct to Sonciwall Port.
2nd server is on the LAN side.
All servers are set up using port forwarding from WAN to LAN each on different internal IP's and sub nets.
Any help or directions would be great!
Best Answer
-
BWC Cybersecurity Overlord ✭✭✭
@Maui first I strongly advice against publishing a Web Server from the LAN. The best case scenario for resolving your demand would be a reverse proxy in the DMZ which distributes the requests to your Web Servers depending on availability.
But I assume this is not a viable solution in your case?
The only other option which comes into my mind is doing a NAT Load Balancing, sorry no simple Failover.
You would need two Access Rules, one from WAN to DMZ-Port (Web-Server 1) and one from WAN to LAN (Web-Server 2), use your public IP as Destination in both cases.
That should work, but be aware that the requested are always distributed across both servers.
--Michael@BWC
2
Answers
@BCW Thank you for your response. I had searched these forums for a while and you put me down the right path. I understand that there is no auto Failover at this time per Sonicwall support. Maybe Sonicwall will look at this and implement some option down the road. In the mean time using this NAT Load Balancing process should work for us.
Thanks again for your help!
--Ricky@Maui