Can SonicWall support two networks with separate failovers

I have a client that wants to run 2 separate networks, each with dual ISPs and failover for each. Is there a SonicWall that will handle this? e.g.

Network 1 main ISP is Starlink secondary ISP is DSL

Network 2 main ISP is Starlink secondary ISP is a different DSL service than network 1

Category: Entry Level Firewalls

Best Answer

  • BWC Cybersecurity Overlord ✭✭✭

    @oldtechie you can only have one Load Balancing & Failover Group, I would consider using this for Network 1.

    Because you asked for "simple" Failover, Internet access for Network 2 could be accomplished with PBR (policy based routing).

    SRC: Network 2
    DST: Any
    GW: Starlink GW IP
    IF: X1 (or whatever Interface Starlink is connected to)
    Metric: 1
    Disable Route when the Interface is disconnected or use a Network Probe for Logical Monitoring when Ethernet Interface is always up
    
    SRC: Network 2
    DST: Any
    GW: DSL GW IP
    IF: X2 (or whatever Interface Starlink is connected to)
    Metric: 2
    Disable Route when the Interface is disconnected or use a Network Probe for Logical Monitoring when Ethernet Interface is always up
    

    This should work for you.

    Further Reading over here:

    --Michael@BWC

Answers

  • oldtechie Newbie ✭

    Thanks for the quick response. I have one further question. On network 2, if an external device requests a connection to a LAN device using a specific port number (e.g. 8080 for Unifi controller), will the connection be established if port forwarding has been defined on network 2 and the device on the LAN has a static IP? Starlink does not allow port forwarding so we want to access the device using the IP of the secondary ISP (Static IP). Can this work?

  • BWC Cybersecurity Overlord ✭✭✭

    @oldtechie the reply packet for your NAT will have as Source IP the address of your secondary ISP, therefore it will be routed over the correct connection.

    Have a look at the routing table and make sure to display Display&Custom and let it sort by priority. You'll see a default route for X2 IP (e.g. your secondary ISP) as Source Address which precedes your own custom default routes.

    --Michael@BWC
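
Added example (not part of the original thread and not SonicWall code): a small Python model of the route selection described in the two replies above, showing the Network 2 failover and the egress of a reply sourced from the X2 interface IP. The addresses, route names, the `probe_ok` flag, the metric on the interface-IP route, and the ranking rule (source specificity first, then lowest metric) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    name: str
    src: str               # source network in CIDR; destination is Any
    iface: str
    gateway: str
    metric: int
    probe_ok: bool = True  # route is disabled while its probe/link is down

def select_route(routes, src_ip):
    """Pick the egress route for a packet with the given source address.

    Simplified model (assumption): enabled routes whose source matches are
    ranked by source specificity first, then by lowest metric.
    """
    ip = ipaddress.ip_address(src_ip)
    candidates = [r for r in routes
                  if r.probe_ok and ip in ipaddress.ip_network(r.src)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.src).prefixlen, r.metric))

def build_table(starlink_up=True, dsl_up=True):
    # Constructed sample addressing, not taken from the thread.
    return [
        Route("net2-starlink", "10.0.2.0/24", "X1", "100.64.0.1", 1, starlink_up),
        Route("net2-dsl", "10.0.2.0/24", "X2", "203.0.113.1", 2, dsl_up),
        # Interface-IP default route the second reply says to look for.
        Route("x2-ip-default", "203.0.113.10/32", "X2", "203.0.113.1", 20, dsl_up),
    ]

if __name__ == "__main__":
    for up in (True, False):
        r = select_route(build_table(starlink_up=up), "10.0.2.50")
        print(f"Starlink up={up}: Network 2 host exits via {r.iface} ({r.name})")
    r = select_route(build_table(), "203.0.113.10")
    print(f"Reply sourced from X2 IP exits via {r.iface} ({r.name})")
```

Compare the output with the firewall's own routing table sorted by priority; if the order there differs from this model, the table on the device is authoritative.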

  • oldtechie Newbie ✭

    Thank you very much. I have been working with a third party company to implement this arrangement and they have insisted it can't be done. They told me that Network 2 could not have any form of failover and that as long as the Starlink is the primary then port forwarding would not work on either network 1 or 2. From your suggestion I would guess that configuring PBR for Network 1 would also result in being able to port forward to that LAN using the secondary ISP's static IP. If this works for both networks it overcomes all the issues we have with implementing the SonicWall.

  • BWC Cybersecurity Overlord ✭✭✭

    @oldtechie well, I think there would be no PBR necessary for having port forwarding to Network 1, because of the fact that reply packets for your NAT will hold e.g. X3 IP (assume this is the DSL Interface for Network 1 secondary WAN) as source and routed accordingly as described above.

    It's Friday evening and I might be somewhat exhausted, but I'm sure this is the way to go.

    --Michael@BWC

  • oldtechie Newbie ✭

    I was told by the third party supplier that the SonicWall would not monitor for incoming packets on the secondary ISP in failover mode. They said the secondary ISP is not active until the primary fails so any inbound request on the secondary would not be seen and therefore the connection would not be established.

  • BWC Cybersecurity Overlord ✭✭✭
    edited April 2023

    @oldtechie this might be correct if LB&F is used in failover mode because there will be only one Default Route active, but there is always a Default Route as described above for the Interface IP and this is where your port forwarding is heading to from the WAN.

    Just give it a shot and you'll see it works, just make sure your Access Rules are correct as well.

    Update: I have to correct myself, when Type Basic Failover is used then there are multiple Default Routes (for Source ANY). This might be different when used as Final Backup.
    

    Just have a look at the Routing Table (Policies) and you'll see what's there and what's not.

    --Michael@BWC
