Security Gateway Manual SG-2100
• Click Save
• Click Add to create another gateway group
• Configure the group as follows:
Group Name LoadBalance
Gateway Priority Gateways for WAN and WAN2 both on Tier 1
Description Prefer WAN2, fail to WAN
Note: This performs connection-based load balancing, not per-packet load balancing.
• Click Save
• Click Apply Changes
Now set the default gateway to a failover group:
• Navigate to System > Routing, Gateways tab
• Set Default gateway IPv4 to PreferWAN
• Click Save
• Click Apply Changes
Note: This is important for failover from the firewall itself so it always has outbound access. While this also enables
basic failover for client traffic, it’s better to use policy routing rules to control client traffic behavior.
11.7 DNS
DNS is critical for Internet access and it’s important to ensure the firewall can always resolve hostnames using DNS
even when running on a secondary WAN.
The needs here depend upon the configuration of the DNS Resolver or Forwarder.
If the DNS Resolver is in its default resolver mode, then default gateway switching will be sufficient to handle failover
in most cases, though it may not be as reliable as using forwarding mode.
If the DNS Resolver is in forwarding mode or the firewall is using the DNS Forwarder instead, then maintaining
functional DNS requires manually configuring gateways for forwarding DNS servers.
• Navigate to System > General Setup
• Add at least one DNS server for each WAN, ideally two or more
These servers must be unique, the same server cannot be listed more than once.
• Select a gateway for each DNS server, corresponding to the WAN through which the firewall can reach the DNS
server.
For public DNS servers such as CloudFlare or Google, either WAN is OK, but if either WAN uses DNS servers
from a specific ISP, ensure those exit the appropriate WAN.
© Copyright 2022 Rubicon Communications LLC 54
To Next Page
Loading...
Need help?
General
