Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 41 subscribers
  • Views 2588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure two WAN for WIFI zone

Authorized

Added second WAN zone network port5

ipv4 192.168.101.2/27
gateway ip 192.168.101.1 


SSID new network 

DHCP

Firewall Rule

WAN link manager information

able to connect Tablet to Wifi and i get DCHP release

result block firewall rule not matched. if i remove port 5 and select any the traffic goes from port 2 original WAN zone interface which i do not want to use at all.

I must create new wifi and route the traffic on separate WAN interface 

I would appreciate some help and confirm what is wrong with my configuration.

Thank you



This thread was automatically locked due to age.
  • 0

    This is a bit confusing. Are you trying to configure two APs to go to two different WANs? Or are you trying to have your current WiFi zone (which might have multiple APs, not sure if that's part of your use case) load balance across two WANs? Or failover? Or to go to the second WAN and ignore the original WAN? (In the last case, using one WAN for WiFi and the other WAN for non-WiFi traffic?)

  • 0 in reply to Wayne Folta

    SSID/networks are allowed limited to 8 ( the 8th new network SSID must not use default WAN ISP XXXX )
    Looking to configure SSID network with its own DHCP with a second WAN interface that uses different ISP vendor

    suspecting firewall rule that is not liking destination network port5 ( WAN2 )
    troubleshooting steps:

    - Connected to the SSID
    - Getting DCHP addrr
    - Ping gateway and interface 192.168.101.1 <-->  192.168.101.2 =ok

    switching destination networks port5 to any all traffic route out trough defautl WAN interface but adding port5 WAN2 no traffic


    what am trying to achieve is to have indepent isolate New WIFI Network ---->  secondary WAN

    Thank you

  • 0

    Your Firewall Rule allows traffic to the interface itself.

    IF you want to allow traffic to WAN, remove the #Port object and use ANY. SFOS will take care to match it for all WAN Interfaces. 

    The #Port Interface is the IP of the interface itself and does not include all traffic going out to this interface. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    And if you want to route the traffic only over the second WAN Interface, you have to create a SD-WAN Route for this. Simply configure the WAN2 as Backup in WAN link manager (so no other traffic will use it) and create a SD-WAN Route for your Wireless LAN as Source and Destination Internetv4 - Then use the WAN2. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi Toni,

    i just created NEW SDWAN route & cannot get any traffic result blocked


    incomfing interface NEW SSID ( 192.168.25.3) 

    source network WIFI  subnet 192.168.25.0/27

    Destination port5  192.168.101.2 

    WAN LINK manager type changed to backup

    Note: did not remove any of the above config & kept firewall rule


     

  • +1 in reply to Authorized

    Do not use #Port5 in anything. It will not work. It is the wrong approach. 

    Replace Port5 in the firewall rule with ANY.

    Replace Port5 in the SD-WAN Rule with ANY. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    SD-WAN config + firewall rule worked, trafiic route on dedicated port
    Thank you 

  • 0 in reply to Authorized

    You can also replace ANY with "Internetv4" to be more specific. 

    __________________________________________________________________________________________________________________

Unfiltered HTML