This discussion has been locked.

Planning a 4G Backup WAN Link with custom firewall rules

So, we have a 4G SimpliFi system hooked up as a Backup WAN Link. We've tested this, works GREAT! However, we've identified that in the event of a WAN failover to our backup link, we want to only deliver Internet access to those services we've deemed critical. So I know how to build firewall rules around the services we want to allow. But how do I create them so that our other rules do not take over and allow all traffic? We really only need like 5 Internet destinations to run our business when our main Internet fails. We want to prevent the rest so we don't get high data charges for things like automatic Microsoft Updates, streaming video/music, etc. How would you go about it?



  • I'm under the impression that's not how those work. If I have a rule set up that exists in a higher priority than my default network rule, it will take precedence. Like so:

    Rule 1 (top)
    Traffic from LAN/Limited LAN Subnet to WAN/Limited WAN Locations
    Primary Gateway: Secondary Link

    Rule 2 (below)
    Traffic from LAN/Any to WAN/Any
    Primary Gateway: WAN Link Load Balance

    Will this rule not simply route all that limited WAN location destination traffic through that Secondary link since it's higher up in the priority?  Additionally, will this traffic fail because Secondary Link is Backup, only Active when Primary Link fails?

  • ooooh, hold on - so I think after doing this and re-reading your post, I make Rule 1 (top) use WAN Link Load Balance and Rule 2 Primary Link?

  • Hi,

    Yes, you're right.

    Top rule:
    From LAN
    To business critical site
    WAN link LB

    Bottom rule:
    From LAN
    To WAN
    Primary Link
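
The rule order agreed above can be checked with a small first-match model; this is an added example, not part of the original thread or any vendor's code. The gateway semantics (the backup link joins the load-balance pool only when the primary is down, and a rule pinned to Primary Link drops traffic during an outage), the policy names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of "business critical" destinations (TEST-NET ranges).
CRITICAL = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "203.0.113.64/28")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Ordered rule sets: (name, destination networks, gateway policy).
DEFAULT_ONLY = [("default", ANY, "wan_lb")]
AGREED = [
    ("critical", CRITICAL, "wan_lb"),    # top rule: WAN link load balance
    ("default", ANY, "primary_only"),    # bottom rule: Primary Link
]

def pick_link(policy, primary_up):
    """Assumed gateway semantics (hypothetical model, not vendor code)."""
    if policy == "wan_lb":
        # Assumption: the backup link joins the pool only when primary is down.
        return "primary" if primary_up else "backup_4g"
    if policy == "primary_only":
        # Assumption: no backup gateway on this rule, so traffic is dropped.
        return "primary" if primary_up else None
    raise ValueError(policy)

def route(rules, dst, primary_up):
    """First matching rule wins; returns (rule name, egress link or None)."""
    addr = ipaddress.ip_address(dst)
    for name, nets, policy in rules:
        if any(addr in net for net in nets):
            return name, pick_link(policy, primary_up)
    return None, None  # nothing matched: implicit drop

def metered_destinations(rules, dsts):
    """Destinations that would consume 4G data during a primary outage."""
    return [d for d in dsts if route(rules, d, primary_up=False)[1] == "backup_4g"]

# Constructed test traffic: two critical hosts, two non-critical hosts.
SAMPLE = ["203.0.113.10", "203.0.113.70", "198.51.100.7", "192.0.2.99"]

if __name__ == "__main__":
    for label, rules in (("default only", DEFAULT_ONLY), ("agreed order", AGREED)):
        print(label, "->", metered_destinations(rules, SAMPLE))
```

Whether a real appliance drops or reroutes traffic from a rule pinned to a failed gateway should be confirmed by a controlled failover test before relying on it to cap data charges.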