Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
I configured a second WAN today. It looks good.
Now I have two ISP’s. If WAN1 goes down. WAN2 will take over. Thats what I wanted.
Now I do have an external domain registrar. For example hostgator.com. I have my external IP of my WAN1 in there. It redirects to the domain name for example: WAN1.
When WAN1 goes down, rds.example.com will not work. I have to go manually to the registrar hostgator and change the records to the External IP of WAN2.
This should be different. Is there something that I could change in the firewall? Any address that I can add to my hostgator DNS. So when WAN1 goes down. It keeps working on WAN2.
Scenario1: What if i setup free dns on the interfaces. Is that possible? Then I go to my hostgator registrar and setup a cname from example.freedns to rds.example.com. I remove both a records from hostgator.
Scenario2: I add both IP addresses in my registrar and I give them priority. Or is this not possible with a records?
Scenario3: I have to buy managed dns (what I dont want)
I hope you understand it. Thank you!
Usually registrars do not provide failover options by default.Second scenario is kind of load balancing and not a failover . I would recommend to go with scenario 3.
You can purchase dns failover solution from dnsmadeeasy.com.Cost is quite less compared to other providers.
In reply to Support Chn:
Isn’t it possible to use Dynamic DNS in the sophos. And make a cname in the registrar pointing to it. I am talking about Scenario1. Or isn’t it possible to have two WAN interfaces going to the same Dynamic DNS?
Scenario2: If i would make the WAN1 priority 10 and WAN2 priority 20. Wouldnt all connections go to WAN1 and if it’s down, it goes to WAN2? I see it as a failover and not as load balancing.
In reply to sindbad:
FloSupport Can you share your advice?
How does a registrar know if a link is down? You need to understand how a dns failover solution works.
DNS failover solution constantly queries a specific port on WAN1 and if the provider is unable to reach the port,it will automatically remove the WAN1 entry and adds WAN 2 until WAN1 comes up. You can reduce the TTL to seconds so that your client's local DNS cache switches fast.
What do you think happens if a WAN link with lower priority goes down? Your local DNS client or the registrar will not switch all packets to next WAN 2. There is no use of DNS failover solution if registrars can do that.
I agree with what Support Chn has mentioned. This scenario is what a DNS failover solution is designed for.