
V17 to V18 Migration - Specific Gateway

Hello,

 

I tested the V18 this weekend during hours, and I'm sure I'm missing something for my actual rules from V17 to be the same on V18...

 

I watched the videos of NAT explained in V18, and read the KB, but I must be dumb, I don't know... and I can't figure out how to have the same thing on V18...

Here are screenshots of my V17 rules

First, this is rule #1, with specific VLANs to access the Internet with specific services from specific gateway "WAN link load balance"

Second, this is rule #15, with VLAN100 accessing the internet with all ports and all destinations, with specific gateway "ADSL"

 

Then, we can see that the #15 rule is on the top and will be asked first by the firewall rules, and the #1 is bottom.

 

I tried to do the same on V18, and tried to tweak the SD-WAN thing to use a specific gateway, but it routes all the traffic even if it is not internet traffic (i.e. VLAN 1 to VLAN 10 RDP is routed to the default internet gateway, which is dumb because this is internal traffic...)

So can someone explain to me the exact way to have the same 2 rules I had in V17 on V18?

Thank you.

Regards.



  • Hi,

     

    We have the exact same problem; I spent the whole of Sunday on it yesterday.

    I even went so far as to create all the firewall rules anew.

    We do not use multiple WANs for load balancing, but rather to send certain servers outside via a certain WAN line.

    All traffic should only go through one (master) line. I don't want load balancing but I can't turn it off.

    I want to use both WAN connections completely separately.

    That was no problem in 17, you could simply specify a primary gateway in the firewall rule and it worked.

  • You need the following:

    WAN Link Manager: Primary Connection is Active. Other WAN Links are Backup. Backup will not be used by the System, only if called. 

    You can call the backup Link via SD-WAN Routes. 

  • Yes but when you call a backup link via SD-WAN like this:

     

    Source "IP of your server that you want to use only this link" > Destination "any" > gateway "backup link" > services "any"

     

    If you go to http://whatismyip.com from this server, it will show the backup link IP, but if you try to ping an internal server which is in another VLAN, it won't work anymore because it tries to go via the backup link at the 2nd hop instead of going via the internal route (verified with traceroute)
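
The behaviour reported in the last reply, as an added example that is not part of the original thread and is not Sophos code: a simplified Python model in which policy routes are matched before connected networks, comparing a destination of "any" with a destination list that excludes the internal VLANs. The subnets, the server address, the gateway labels and the matching order are assumptions chosen to mirror what the poster observed.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed internal VLAN subnets (assumptions, not from the thread).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.1.0/24", "10.0.10.0/24", "10.0.100.0/24")]

def internet_only(excluded):
    """Return the CIDR blocks covering 0.0.0.0/0 minus the excluded networks."""
    nets = [ANY]
    for ex in excluded:
        kept = []
        for n in nets:
            if ex.subnet_of(n):
                kept.extend(n.address_exclude(ex))  # split n around ex
            elif not n.subnet_of(ex):
                kept.append(n)                      # no overlap, keep as is
        nets = kept
    return nets

def next_hop(src, dst, policy_routes, default_gw="primary"):
    """Simplified model: policy routes first, then connected networks, then default."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy_routes:
        if src in r["src"] and any(dst in d for d in r["dst"]):
            return r["gateway"]
    if any(dst in net for net in INTERNAL):
        return "internal"
    return default_gw

SERVER = ipaddress.ip_network("10.0.100.5/32")  # constructed server address
# Route as described in the reply: source server, destination any, backup gateway.
broad = [{"src": SERVER, "dst": [ANY], "gateway": "backup"}]
# Same route with the destination narrowed to non-internal address space.
scoped = [{"src": SERVER, "dst": internet_only(INTERNAL), "gateway": "backup"}]

if __name__ == "__main__":
    for name, routes in (("destination any", broad), ("internet only", scoped)):
        for dst in ("203.0.113.7", "10.0.10.20"):
            hop = next_hop("10.0.100.5", dst, routes)
            print(f"{name:16} 10.0.100.5 -> {dst:12} via {hop}")
```

In this model the "any" route sends the server's inter-VLAN traffic to the backup gateway, while the narrowed route leaves it on the internal path and still sends internet traffic out the backup link.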