Security Gateway Manual Netgate-8300
Note: Rules using this group enable connection-based load balancing, not per-packet load balancing.
Rules using this group will also have failover style behavior as WANs which are down are removed from load
balancing.
Click Save
Click Apply Changes
Now set the default gateway to a failover group:
Navigate to System > Routing, Gateways tab
Set Default gateway IPv4 to PreferWAN
Click Save
Click Apply Changes
Note: This is important for failover from the firewall itself so it always has outbound access. While this also enables
basic failover for client traffic, it’s better to use policy routing rules to control client traffic behavior.
2.6.7 DNS
DNS is critical for Internet access and it is important to ensure the firewall can always resolve hostnames using DNS
even when running on a secondary WAN.
The needs here depend upon the configuration of the DNS Resolver or Forwarder.
If the DNS Resolver is in its default resolver mode, then default gateway switching will be sufficient to handle failover
in most cases, though it may not be as reliable as using forwarding mode.
If the DNS Resolver is in forwarding mode or the firewall is using the DNS Forwarder instead, then maintaining
functional DNS requires manually configuring gateways for forwarding DNS servers.
Navigate to System > General Setup
Add at least one DNS server for each WAN in the DNS Server Settings section, ideally two or more. Click
Add DNS Server to create additional rows.
Each entry should be configured as follows:
Address
The IP address of a DNS server.
Each server address must be unique; the same server cannot be listed more than once.
DNS Hostname
Leave this field blank unless the server will be contacted using DNS over TLS through the DNS
Resolver. In this case, enter the FQDN of the DNS server so its name can be validated against its
TLS certificate.
Gateway
Select a gateway for each DNS server, corresponding to the WAN through which the firewall can
reach the DNS server.
For public DNS servers such as Cloudflare or Google, either WAN is OK, but if either WAN
uses DNS servers from a specific ISP, ensure those exit the appropriate WAN.
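The rules above for the DNS server table can be checked before saving. This is an added example, not code from the manual or from Netgate: the row layout, the gateway names WAN1_GW and WAN2_GW, the function name and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def lint_dns_servers(servers, wan_gateways, dns_over_tls=False, isp_servers=None):
    """Check a DNS Server Settings table against the multi-WAN rules above.

    servers: rows with 'address', 'hostname', 'gateway' (the three GUI fields)
    wan_gateways: gateway names that each need at least one DNS server
    isp_servers: optional {address: gateway} for resolvers tied to one ISP
    """
    findings, parsed = [], []
    isp_servers = isp_servers or {}
    for row in servers:
        try:
            # Parsing normalises spellings, so two forms of one IPv6 address match.
            addr = ipaddress.ip_address(row["address"].strip())
        except ValueError:
            findings.append(f"invalid address: {row['address']}")
            continue
        parsed.append((addr, row.get("hostname", "").strip(), row.get("gateway", "").strip()))
    for addr, count in Counter(a for a, _, _ in parsed).items():
        if count > 1:
            findings.append(f"duplicate server: {addr}")
    routed = Counter(gw for _, _, gw in parsed)
    for gw in wan_gateways:
        if routed[gw] == 0:
            findings.append(f"no DNS server routed via {gw}")
    for addr, host, gw in parsed:
        if not gw:
            findings.append(f"{addr}: no gateway selected")
        elif gw not in wan_gateways:
            findings.append(f"{addr}: unknown gateway {gw}")
        if dns_over_tls and not host:
            findings.append(f"{addr}: DNS over TLS needs a hostname to validate the certificate")
        expected = isp_servers.get(str(addr))
        if expected and gw and gw != expected:
            findings.append(f"{addr}: ISP server must exit {expected}, not {gw}")
    return findings

# Constructed sample table (documentation addresses, hypothetical gateway names).
SAMPLE = [
    {"address": "192.0.2.53", "hostname": "", "gateway": "WAN2_GW"},
    {"address": "2001:db8::53", "hostname": "dns.example.net", "gateway": "WAN1_GW"},
    {"address": "2001:DB8:0:0:0:0:0:53", "hostname": "dns.example.net", "gateway": "WAN1_GW"},
]

if __name__ == "__main__":
    for finding in lint_dns_servers(SAMPLE, ["WAN1_GW", "WAN2_GW"], dns_over_tls=True,
                                    isp_servers={"192.0.2.53": "WAN1_GW"}):
        print(finding)
```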
© Copyright 2024 Rubicon Communications LLC
