
Two different WAN connections; each for a separate zone

Hello,


I am looking to use the XG with the following configuration:

  • WAN over ISP 1 on Port 1 = Internet Connection A
  • WAN over ISP 2 on Port 2 = Internet Connection B
  • Zone 1 on Port 3
  • Zone 2 on Port 4

Now I want the Internet Connection for Zone 1 to always be Internet Connection A and for Zone 2 to always be Internet Connection B. (I don't want to have a failover or backup connection.)

I tried that with the following Firewall rules:

  • Rule 1:
    • Source Zones = Zone 1
    • NAT & Routing
      • Rewrite source address (Masquerading)
      • use Outbound Address = MASQ (I leave everything at the default for that)
      • Primary Gateway = Internet Connection A
      • Backup Gateway = None
      • DSCP Marking = Not set
  • Rule 2:
    • Source Zones = Zone 2
    • NAT & Routing
      • Rewrite source address (Masquerading)
      • use Outbound Address = MASQ (I leave everything at the default for that)
      • Primary Gateway = Internet Connection B
      • Backup Gateway = None
      • DSCP Marking = Not set

But that does not work! I can only open websites on Zone 1. On Zone 2 it works only when I change Internet Connection B to A in Rule 2.

But ping to an internet host, e.g. google.com, works with Rule B ...


What is wrong with that?



  • Hi,

    please provide the IP address ranges used for the internal zones.

    How many other rules do you have in place?

    Please also post an expanded screenshot of your rules?

    Ian

  • The IP configuration is as following:

    Internet Connection A comes through DHCP; GW is 192.168.178.1 (a FritzBox)
    Internet Connection B is configured static; GW is 192.168.60.1 (another router) and IP from Port 2 is 192.168.30.2


    The DNS Server in XG is set to 8.8.8.8

    Zone 1 has the network 10.1.0.0/16 and IP from Port 3 is 10.1.0.1
    Zone 2 has the network 10.0.30.0/24 and IP from Port 4 is 10.0.30.1

    Both zones are of type "LAN" and have the following Device Access enabled: Network services (DNS and Ping), Other services (Web proxy)


    There are two active rules (for testing I deactivated the other ones):
    first:

    second:


    There is no rule to connect the two zones to each other

  • Hi and thank you for the detailed post.

    I assume you are using the XG to provide DHCP addressing and DNS details. Do you have any of your test devices set up with a static IP address?

    Make sure that the test device is assigned an IP address for that network; currently the DHCP servers on the XG are not unique to each LAN, e.g. a static address in one DHCP server will be assigned if the device connects to another network on the XG.

    Ian

    I think you have constrained your LAN zone too tightly. When you look at the log viewer while testing with your original rule settings, what results do you see?

    You will need to change your rules because the way they are set up the traffic will always go out the top rule. You need to add a network ID for each network in the network field, e.g. a network using the IP range for Zone 1 and another for the network addresses used by Zone 2.

    The split load over two different internet connections does work, I have previously used that setup when I had two ADSL services.

    Sorry about this post which is rambling along, I posted different ideas that I thought might help.
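
    The point about the top rule catching everything, as an added example that is not part of the thread or of Sophos' own software: a small Python model of XG's first-match rule evaluation. It assumes both ports were placed in one zone of type "LAN" (so the source zone alone cannot tell the two networks apart) and uses constructed client addresses from the 10.1.0.0/16 and 10.0.30.0/24 ranges posted above.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    source_zone: str
    primary_gateway: str
    # Empty list means "Any" source network, i.e. only the zone constrains
    # the match, which is how the two rules in the thread are described.
    source_networks: list = field(default_factory=list)

    def matches(self, zone: str, src_ip: str) -> bool:
        if zone != self.source_zone:
            return False
        if not self.source_networks:
            return True
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(n) for n in self.source_networks)


def select_gateway(rules, zone, src_ip):
    """First-match evaluation: the first rule in order that matches wins.
    Returns (rule name, primary gateway), or (None, None) if nothing matches."""
    for rule in rules:
        if rule.matches(zone, src_ip):
            return rule.name, rule.primary_gateway
    return None, None


# Assumed setup: both ports in one "LAN" zone, no source network on either rule.
LOOSE = [
    Rule("Rule 1", "LAN", "Internet Connection A"),
    Rule("Rule 2", "LAN", "Internet Connection B"),
]

# Same rules with each one pinned to its own network, as suggested in the reply.
PINNED = [
    Rule("Rule 1", "LAN", "Internet Connection A", ["10.1.0.0/16"]),
    Rule("Rule 2", "LAN", "Internet Connection B", ["10.0.30.0/24"]),
]

if __name__ == "__main__":
    for label, rules in (("loose", LOOSE), ("pinned", PINNED)):
        for host in ("10.1.5.20", "10.0.30.50"):  # constructed client IPs
            print(label, host, select_gateway(rules, "LAN", host))
```

    With the loose rules a Zone 2 client is sent to Internet Connection A by Rule 1; with the pinned rules each network reaches its own gateway, and a client outside both networks matches no rule at all.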
