Security Gateway Manual XG-7100
2.7.7 DNS
DNS is critical for Internet access and it’s important to ensure the firewall can always resolve hostnames using DNS
even when running on a secondary WAN.
The needs here depend upon the configuration of the DNS Resolver or Forwarder.
If the DNS Resolver is in its default resolver mode, then default gateway switching will be sufficient to handle failover
in most cases, though it may not be as reliable as using forwarding mode.
If the DNS Resolver is in forwarding mode or the firewall is using the DNS Forwarder instead, then maintaining
functional DNS requires manually configuring gateways for forwarding DNS servers.
• Navigate to System > General Setup
• Add at least one DNS server for each WAN, ideally two or more
These servers must be unique; the same server cannot be listed more than once.
• Select a gateway for each DNS server, corresponding to the WAN through which the firewall can reach the DNS
server.
For public DNS servers such as CloudFlare or Google, either WAN is OK, but if either WAN uses DNS servers
from a specific ISP, ensure those exit the appropriate WAN.
• Uncheck DNS Server Override
This will tell the firewall to use the DNS servers entered on this page and to ignore servers provided by dynamic
WANs such as DHCP or PPPoE. Occasionally these providers may push conflicting DNS server information so
the best practice is to assign the DNS servers manually.
• Click Save
Note: If the DNS Resolver has specific outgoing interfaces selected in its configuration, select the new WAN there
as well.
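The following script is an added example, not part of this manual or of the firewall software. It models the General Setup DNS settings as a plain list of entries (the model, the gateway names WAN and WAN2, and the sample addresses are constructed; the firewall's own configuration format is not reproduced) and checks the rules from the steps above: every server is listed once, each WAN has at least one server (two or more recommended), each server has a gateway, ISP-provided servers leave through that ISP's WAN, and DNS Server Override is unchecked.

```python
import ipaddress
from collections import Counter

# Constructed gateway names for the two WANs (assumption, not from the manual).
WANS = ("WAN", "WAN2")


def check_dns_config(servers, dns_server_override):
    """Return a list of problems found in a multi-WAN DNS server assignment.

    servers: list of dicts {"server": str, "gateway": str | None, "isp": str | None}
             "isp" names the WAN whose ISP handed out the server, or None for
             a public resolver that may exit either WAN.
    dns_server_override: True when "DNS Server Override" is still checked.
    """
    problems = []

    # Each address must be valid and may appear only once in the list.
    counts = Counter(s["server"] for s in servers)
    for addr, n in counts.items():
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"{addr}: not a valid IP address")
        if n > 1:
            problems.append(f"{addr}: listed {n} times, servers must be unique")

    # Every server needs a gateway, and ISP-specific servers must use their own WAN.
    per_wan = Counter()
    for s in servers:
        gw = s.get("gateway")
        if gw not in WANS:
            problems.append(f"{s['server']}: no valid gateway selected")
            continue
        per_wan[gw] += 1
        if s.get("isp") is not None and s["isp"] != gw:
            problems.append(f"{s['server']}: {s['isp']} ISP server would exit via {gw}")

    # Each WAN must have at least one server, ideally two or more.
    for wan in WANS:
        if per_wan[wan] == 0:
            problems.append(f"{wan}: no DNS server reachable via this WAN")
        elif per_wan[wan] == 1:
            problems.append(f"{wan}: only one DNS server, two or more is recommended")

    if dns_server_override:
        problems.append("DNS Server Override is checked: DHCP/PPPoE-supplied servers may replace these")
    return problems


# Constructed sample: a weak assignment (duplicate server, ISP server on the wrong
# WAN, override still enabled) beside a corrected one. 198.51.100.53 is a
# documentation address standing in for an ISP-provided resolver.
WEAK_SERVERS = [
    {"server": "1.1.1.1", "gateway": "WAN", "isp": None},
    {"server": "1.1.1.1", "gateway": "WAN2", "isp": None},          # duplicate
    {"server": "198.51.100.53", "gateway": "WAN", "isp": "WAN2"},   # WAN2's ISP server via WAN
]
FIXED_SERVERS = [
    {"server": "1.1.1.1", "gateway": "WAN", "isp": None},
    {"server": "8.8.8.8", "gateway": "WAN", "isp": None},
    {"server": "1.0.0.1", "gateway": "WAN2", "isp": None},
    {"server": "198.51.100.53", "gateway": "WAN2", "isp": "WAN2"},
]


def weak_report():
    return check_dns_config(WEAK_SERVERS, dns_server_override=True)


def fixed_report():
    return check_dns_config(FIXED_SERVERS, dns_server_override=False)


if __name__ == "__main__":
    for label, report in (("weak", weak_report()), ("fixed", fixed_report())):
        print(f"{label}: {len(report)} problem(s)")
        for line in report:
            print("  -", line)
```

Run it as-is to see the four findings against the weak assignment and none against the corrected one; to check a real assignment, replace the constructed lists with the servers and gateways entered on the General Setup page.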
2.7.8 Setup Policy Routing
Policy routing involves setting a gateway on firewall rules which direct matching traffic out specific WANs or failover
groups.
In simple cases (one LAN, no VPNs) the only requirement to configure policy routing is to add a gateway to existing
rules.
• Navigate to Firewall > Rules, LAN tab
• Edit the default pass rule for the LAN
• Click Display Advanced
• Set the Gateway to one of the gateway groups based on the desired LAN client behavior.
For example, pick PreferWAN so clients use WAN and then if WAN fails, they use WAN2.
• Click Save
• Click Apply Changes
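The following script is an added example, not part of this manual or of the firewall software. It simulates top-down, first-match evaluation of a LAN rule set (the rule model, the gateway group name PreferWAN, and the network addresses are constructed) to show why rules passing local and VPN traffic must sit above the default pass rule once that rule carries a gateway: with the order reversed, traffic for a local network matches the policy-routed rule first and is sent out the WAN instead of following the routing table.

```python
import ipaddress

# Constructed LAN rules. Each rule has a source network, a destination network and
# an optional gateway group; None means the traffic follows the routing table.
DEFAULT_PASS = {"name": "Default allow LAN", "src": "192.168.1.0/24", "dst": "0.0.0.0/0", "gateway": "PreferWAN"}
PASS_LAN2 = {"name": "Pass to LAN2", "src": "192.168.1.0/24", "dst": "192.168.2.0/24", "gateway": None}
PASS_VPN = {"name": "Pass to VPN", "src": "192.168.1.0/24", "dst": "10.8.0.0/24", "gateway": None}

# Wrong order: the gateway rule is first, so nothing below it is ever reached.
BAD_ORDER = [DEFAULT_PASS, PASS_LAN2, PASS_VPN]
# Correct order: local-traffic rules above the policy-routed default rule.
GOOD_ORDER = [PASS_LAN2, PASS_VPN, DEFAULT_PASS]

# Local destinations that must never be policy-routed out a WAN (constructed).
LOCAL_NETS = ["192.168.2.0/24", "10.8.0.0/24"]


def first_match(rules, src, dst):
    """Return the first rule whose source and destination contain the packet, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in ipaddress.ip_network(rule["src"]) and dst_ip in ipaddress.ip_network(rule["dst"]):
            return rule
    return None


def egress_for(rules, src, dst):
    """Return 'routing table', the gateway group name, or None when no rule passes the packet."""
    rule = first_match(rules, src, dst)
    if rule is None:
        return None  # no pass rule matched: default deny
    return rule["gateway"] or "routing table"


def misrouted_local_nets(rules, local_nets, src="192.168.1.10"):
    """List local networks whose traffic would be sent to a gateway instead of the routing table."""
    misrouted = []
    for net in local_nets:
        probe = str(ipaddress.ip_network(net)[1])  # first host of the network
        if egress_for(rules, src, probe) not in (None, "routing table"):
            misrouted.append(net)
    return misrouted


if __name__ == "__main__":
    for label, rules in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(f"{label}: VPN host -> {egress_for(rules, '192.168.1.10', '10.8.0.5')}, "
              f"Internet host -> {egress_for(rules, '192.168.1.10', '203.0.113.7')}, "
              f"misrouted local nets: {misrouted_local_nets(rules, LOCAL_NETS)}")
```

Internet-bound traffic reaches PreferWAN in both orderings; only the placement of the gateway-free rules decides whether traffic to the other LAN or the VPN stays on the routing table.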
If there are other local networks or VPNs which clients on LAN must reach, add rules above the default pass rules to
pass local traffic without a gateway set:
• Navigate to Firewall > Rules, LAN tab
© Copyright 2024 Rubicon Communications LLC 55