Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 28 subscribers
  • Views 10989 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dual WAN Configuration Not Working

Fasil Yilma

Good day

We have recently implemented XG230 (SFOS 16.05.5 MR-5). There are two WANs to different ISPs. There are LAN and Wifi zones on the inside. The LAN for network attached computers and the the wifi with 2 access points, let me call them wStaff and wGuests with different ip ranges. We want the wGuests traffics (10.220.1.x) to use WAN2 (Port 3), while the rest LAN (eg. 10.200.1.x) and wStaff (10.210.1.x) to go to WAN 1 (Port 2). 

The picture depict the config we want to achieve. Nonetheless, although we have added additional NAT a part from MASQ, policy route for wGuests to WAN2, gateways (both with green status and ping test from diagnostics results positive to both gateways),and created a firewall rule (wGuests as source and WAN, and NAT & Routing to WAN 2), the internet traffic from wGuests are not passing through - all being blocked- error message received on connected devices is attached below. All other traffics from LAN and wStaff are good. Any assistance is much appreciated.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Fasil,

    Are you trying to achieve by firewall rule ID 8? If yes, then modify it or create a firewall rules above it as follows.

    Src Zone: Wi-Fi

    Src Network:  10.250.1.0 / 24

    Dst Zone: WAN

    Dst Network: Any

    Service: Any

    Router through Gateway: WAN 2

    NAT:  Your NAT policy

    Web and App Policy of your choice (just for testing keep it None)

    Good Luck!!!

    Regards, Ronak.

  • 0 in reply to Ronak Sheth

    Thank you, Ronak for the assistance. I have added a new rule above (id:6) with the params you recommended, however the problem is still there. attached the screen shot and packet capture indicating the new rule didnt allow the incoming traffics. We also thought it's straight forward but we are missing something.

     

     

  • 0 in reply to Fasil Yilma

    Hi,

    what do you mean by incoming traffic? If you mean incoming to the XG from external sources then you will need another rule wan -> lan type.

    Ian

Reply Children