LAN zone failover and load balancing

I have an XG Firewall and I'd like to add some redundancy on the LAN zone. Specifically, I'd like Port 1 to be connected to a port on one switch and port 5 connected to another switch. Both 1 and 5 are part of the LAN zone. The two switches are part of an L3 switch stack.

I'd like both ports 1 and 5 to load balance and, should a switch malfunction or a cable be unplugged, have traffic failover to the surviving firewall port.

Can this be done?

Thanks in advance for any help you can provide!

 



This thread was automatically locked due to age.
  • Hi Brian,

    What brand and model of switches are you using? Most manufacturers allow a LAG to be created across stack or virtual chassis members. I use this feature on Juniper EX series switches. You can have up to 8 ports in a LAG on most Juniper switches. Those 8 ports can be from any virtual chassis member. You just create a LAG on the XG with ports 1 and 5 and then do the same on your switch stack, assuming it supports that feature.

    www.juniper.net/.../virtual-chassis-ex4200-aggregated-ethernet.html

  • These are Netgear ProSafe switches.

    These support LAG so that would handle my load balancing. My understanding may be a bit off, but as I understand it with LAG all connections would need to be operational all the time. If one connection goes down the LAG group is no longer able to keep traffic flowing on the remaining links.

  • Sorry Michael, should have read the link you provided before replying.

  • I'm not that familiar with Netgear switches, so I am not sure if they are true stacking or just logical stacking, meaning all switches are managed as one. True hardware stacking creates a virtual chassis and allows the switches to share a backplane. If your switches are not true hardware stacking, then you would not be able to create a LAG using a port from each one. You could create some redundancy by creating a LAG in just one switch, though, and it will load balance. A LAG interface will work with only one port up. If you give me the model of your switches, I will be glad to look them up and see what they can do.
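
The behaviour discussed in the replies above (a LAG spreads traffic across its member ports and keeps forwarding when only one port is up), as an added Python illustration that is not part of the original thread. The port names come from the question; the CRC32 hash is an assumed stand-in for the vendor-specific hash a real firewall or switch uses, and the flows are constructed sample data.

```python
"""Added illustration: per-flow distribution and failover in a two-member LAG."""
import zlib
from collections import Counter


def pick_member(flow, members_up):
    """Return the member port that carries this flow, or None if no link is up.

    flow is (src_ip, dst_ip, src_port, dst_port). CRC32 over the tuple stands in
    for the vendor-specific hash used by real devices (assumption).
    """
    if not members_up:
        return None
    key = "|".join(map(str, flow)).encode()
    ordered = sorted(members_up)  # stable order so the choice is deterministic
    return ordered[zlib.crc32(key) % len(ordered)]


def distribute(flows, members_up):
    """Count how many flows land on each active member port."""
    return Counter(pick_member(f, members_up) for f in flows)


# Constructed sample traffic: 200 LAN clients talking to one server on 443.
FLOWS = [(f"10.0.0.{i}", "10.0.1.10", 40000 + i, 443) for i in range(1, 201)]


def simulate():
    """Return flow counts with both links up, then with Port1 lost."""
    both_up = distribute(FLOWS, {"Port1", "Port5"})
    port1_lost = distribute(FLOWS, {"Port5"})
    return both_up, port1_lost


if __name__ == "__main__":
    both_up, port1_lost = simulate()
    print("both links up :", dict(both_up))
    print("Port1 down    :", dict(port1_lost))
```

Each flow stays on one member port, so a single connection never exceeds the speed of one link; the aggregate load is what gets shared.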
