Can SonicWall support two networks with separate failovers
oldtechie
Newbie ✭
I have a client that wants to run 2 separate networks, each with dual ISPs and failover for each. Is there a SonicWall that will handle this? E.g.
Network 1 main ISP is Starlink secondary ISP is DSL
Network 2 main ISP is Starlink secondary ISP is a different DSL service than network 1
Category: Entry Level Firewalls
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@oldtechie you can only have one Load Balancing & Failover Group, I would consider using this for Network 1.
Because you asked for "simple" Failover, Internet access for Network 2 could be accomplished with PBR (policy based routing).
SRC: Network 2
DST: Any
GW: Starlink GW IP
IF: X1 (or whatever Interface Starlink is connected to)
Metric: 1
Disable Route when the Interface is disconnected, or use a Network Probe for Logical Monitoring when the Ethernet Interface is always up

SRC: Network 2
DST: Any
GW: DSL GW IP
IF: X2 (or whatever Interface Starlink is connected to)
Metric: 2
Disable Route when the Interface is disconnected, or use a Network Probe for Logical Monitoring when the Ethernet Interface is always up
This should work for you.
Further Reading over here:
--Michael@BWC
Answers
Thanks for the quick response. I have one further question. On network 2, if an external device requests a connection to a LAN device using a specific port number (e.g. 8080 for Unifi controller), will the connection be established if port forwarding has been defined on network 2 and the device on the LAN has a static IP? Starlink does not allow port forwarding, so we want to access the device using the IP of the secondary ISP (Static IP). Can this work?
@oldtechie the reply packet for your NAT will have as Source IP the address of your secondary ISP, therefore it will be routed over the correct connection.
Have a look at the routing table and make sure to display Display&Custom and let it sort by priority. You'll see a default route for X2 IP (e.g. your secondary ISP) as Source Address which precedes your own custom default routes.
--Michael@BWC
Thank you very much. I have been working with a third party company to implement this arrangement and they have insisted it can't be done. They told me that Network 2 could not have any form of failover and that as long as the Starlink is the primary then port forwarding would not work on either network 1 or 2. From your suggestion I would guess that configuring PBR for Network 1 would also result in being able to port forward to that LAN using the secondary ISP's static IP. If this works for both networks it overcomes all the issues we have with implementing the SonicWall.
@oldtechie well, I think there would be no PBR necessary for having port forwarding to Network 1, because of the fact that reply packets for your NAT will hold e.g. X3 IP (assume this is the DSL Interface for Network 1 secondary WAN) as source and routed accordingly as described above.
It's Friday evening and I might be somewhat exhausted, but I'm sure this is the way to go.
--Michael@BWC
I was told by the third party supplier that the SonicWall would not monitor for incoming packets on the secondary ISP in failover mode. They said the secondary ISP is not active until the primary fails, so any inbound request on the secondary would not be seen and therefore the connection would not be established.
@oldtechie this might be correct if LB&F is used in failover mode because there will be only one Default Route active, but there is always a Default Route as described above for the Interface IP and this is where your port forwarding is heading to from the WAN.
Just give it a shot and you'll see it works, just make sure your Access Rules are correct as well.
Just have a look at the Routing Table (Policies) and you'll see what's there and what's not.
--Michael@BWC
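
A simplified model of the route selection discussed in this thread, added here as an illustration (not SonicOS code and not posted by either participant). It assumes routes are ranked by most specific source first and then by lowest metric, and that a route whose probe or link is down is disabled; all addresses and route names are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Route:
    name: str
    src: str               # source network the policy route matches
    gateway: str
    iface: str
    metric: int
    probe_up: bool = True  # route is disabled while its probe/link is down


# Constructed table: Network 2 LAN is 10.0.2.0/24, Starlink on X1, DSL on X2
# with static IP 203.0.113.10 (documentation address range).
ROUTES = [
    Route("net2-starlink", "10.0.2.0/24", "100.64.0.1", "X1", 1),
    Route("net2-dsl", "10.0.2.0/24", "203.0.113.1", "X2", 2),
    # Default route keyed on the X2 interface IP itself, the one the thread
    # says precedes the custom default routes in the routing table.
    Route("x2-ip-default", "203.0.113.10/32", "203.0.113.1", "X2", 20),
]


def select_route(src_ip, routes):
    """Pick the enabled route for src_ip, or None if nothing usable matches."""
    ip = ip_address(src_ip)
    live = [r for r in routes if r.probe_up and ip in ip_network(r.src)]
    if not live:
        return None
    # Assumed ranking: longest source prefix wins, metric breaks ties.
    return min(live, key=lambda r: (-ip_network(r.src).prefixlen, r.metric))


def with_probe(routes, name, up):
    """Return a copy of the table with one route's probe state changed."""
    return [replace(r, probe_up=up) if r.name == name else r for r in routes]


if __name__ == "__main__":
    print("LAN host, Starlink up:  ", select_route("10.0.2.50", ROUTES).iface)
    failed = with_probe(ROUTES, "net2-starlink", False)
    print("LAN host, Starlink down:", select_route("10.0.2.50", failed).iface)
    # Reply to a port-forwarded session: after NAT the source is the X2 IP.
    print("NAT reply from X2 IP:   ", select_route("203.0.113.10", ROUTES).iface)
```
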