Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 13691 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Standby uplink interface not remaining up

RobertHafner

We have two internet connections- a fiber line and a cable line. Both are connected to the internet.

When both are "active" it breaks everyone's email. For some reason the Apple Mail.app client does not get along with Google when both interfaces are active- it just hangs the mail client.

However, if I put one as active and the other as standby it actually turns the standby interface off. This is a serious problem for us because we're using that second interface (the fiber line) as our AWS VPN gateway. So when we put that interface as the standby interface it breaks our VPN.

What is the best way to set this up so we can keep our AWS VPC VPN on the fiber line but still only use that fiber line as a backup for general internet usage?



This thread was automatically locked due to age.
Parents
  • 0

    Just came across this myself, this has to be the most asinine decision I've come across yet for these UTMs. How can I monitor my backup internet connection if the interface is disabled? Why would you want to wait for the interface to come back up and negotiate once the primary uplink is determined to be down? I'm flabbergasted at the stupidity of this design decision.

Reply
  • 0

    Just came across this myself, this has to be the most asinine decision I've come across yet for these UTMs. How can I monitor my backup internet connection if the interface is disabled? Why would you want to wait for the interface to come back up and negotiate once the primary uplink is determined to be down? I'm flabbergasted at the stupidity of this design decision.

Children
  • 0 in reply to JoshuaFreeman

    Yup, it is an utterly stupid decision that defeats the entire point of having an Active/Standby system. The engineers who made this call were clearly not thinking.

  • 0 in reply to RobertHafner

    I believe that design was made in the interest of flexibility. You can setup dual WAN in a couple of different ways. Two of the more popular methods we use are active/active interfaces with weights and active/standby. The active/active can be set like the above comments where you can define multipath rules but weighting seems to be a little easier. Click the wrench icon in the active interfaces box and set the weight of the "primary" to 100 or something 1 or higher and set "secondary" interface to zero. This will cause the secondary to only be used if the primary is not operational.

    Second popular method is active/standby. In this configuration the standby interfaces are taken down and only brought up if all the active interfaces are down. We've used this if, for example, a customer has redundant connections to the same provider but needs to use their static IP on both interfaces. Of course you can't have the same IP on two interfaces, which is where "standby" comes in handy as it will only bring the standby up if active fails. This allows use of the same IP on redundant connections to the same ISP, if that ISP is capable of such a setup. Or perhaps you have a PPPoE setup on both interfaces that can only have one login at a time to the same ISP, the standby interface would allow that to work properly.

Unfiltered HTML