
Site to Site with HA and RED

Current setup

XG135 with Active-Passive HA at Site #1

RED50 installed at Site #2

RED50 is bridged to the LAN interface on the XG at Site #1. This is allowing a single subnet and IP range. AD, DHCP, DNS, etc. are located at Site #1.

 

I've just purchased 2 additional XG135's and I would like to set them up in Active-Passive mode at site #2.

 

What is the best way to set this up? Leave the RED50 and attach the new firewalls? Eliminate the RED50 and create a UTM to UTM RED?

 

It's important to keep services like DHCP, DNS, etc. originating from Site #1.

 

So how do I go about setting up a UTM to UTM bridge with Active-Passive on both ends while also routing Site #2's internet traffic out of its local UTMs?



  • So after some testing...

     

    RED50 left in place and connected to WAN on XG135.

    Firewall set up in bridge mode during initialization and setup.

    Killed the LAN to WAN bridge as it doesn't work after setup.

    Set up WAN with DHCP settings to pull from Site #1.

    Recreated the LAN to WAN bridge.

    Set up LAN to WAN rule designating internal network range.

    Set up WAN to LAN rule designating internal network range.

    Added Site #1 to exceptions list for WebAdmin.

    Set up DHCP Relay.

    Set up DNS host entry.

    Set up Web Filters and Firewall rules.

  • Can someone save me some time testing this?

     

    Is it possible to isolate ports to set up HA? The documentation shows dedicated lines from the LAN ports to the router. It also shows a dedicated switch for the DMZ link.

    Can I isolate ports on my existing switch to facilitate the DMZ link? Can I also do this with the WAN connection?

    The switch is dedicated and not used for LAN traffic. I simply need to know if there are any functional issues with doing this.