Afternoon Everyone,
Just a quick question regarding HA. We plan on upgrading our existing hardware and integrating HA (active/passive) but im unsure on how best to tackle the WAN side.
Quick Overview:
2x 24/5 each Uplink Connections managed by their respective modem. These are in a half-bridge mode with only 1 port out. Both have public IP address blocks. General Internet Traffic + Incoming SMTP Email.
1x 10/10 Uplink attached to our MPLS network managed by our isp, single port out. Only for IPSec/WAF Traffic.
Hardware wise it will either be 2x sg230 or 2x sg310. Now I know im going to have to put a switch infront, plug each uplink into it. My concern is how best to configure UTM.
a) give each uplink its own vlan and use a physical interface per vlan.
b) same as above, but use a single interface or LAG and use tagged vlans trunked to switch.
Currently eth0+1+2 are connected directly to each uplink and have direct access. They receive a public IP and all NAT'ing is handled utm side. They just don't authenticate (modem's handle that)
Im pretty confident in my network skills and have been using utm/asg for many years now but havent setup a multi-wan & HA setup before.
Just looking for some insight.
Regards,
Corey
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
