
2 WAN-Links (use primary one, and only if failover the second) - Problem with DNAT on failover Interface

Hello,

We have a question because in the past we had problems with DNAT when configuring our two WAN links as active/passive.

As a workaround we configured the two interfaces as active/active, but now the problem is that the second link (which is limited by used data - mobile access) will be used in round-robin.

What we need is:

All devices should use WAN1 (fixed 5Gbits Access to ISP) for traffic to the internet. Only when WAN1 is down the devices behind XGS (and the XGS itself for traffic to Central) can use WAN2 (mobile data) for an "emergency" option.  

What we saw in the past is:

When we configured WAN1 as active and WAN2 as passive -> DNATs from the Internet which point to WAN1 work perfectly.
But DNATs from the Internet which point to WAN2 are not reachable -> I think the incoming traffic will be ok, but XG uses WAN1 in the same TCP connection for outbound traffic back to the customer.

Does anyone have a solution for this?



Added TAGs
[edited by: Raphael Alganes at 10:20 AM (GMT -8) on 26 Nov 2024]
  • Have you already tried active/active interfaces (necessary for inbound traffic on both) with SD-WAN routing for outbound traffic (for all traffic use gateway 1 ... if down use gateway 2)?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
