Hi all,
I would like someone's advice on this just to make sure im doing this right as its a little different to other firewalls that I've handled before.
Got a customer who is replacing a Draytek 2960 with a SG330. They have two WANs, one is a connection to the internet but the other is to an MPLS that is managed by the company's HQ (we have no control or involvement).
The MPLS connection has bespoke services on it so with the Draytek we use to say anything to the IP of 10.240.1.1 (an example) then go out on WAN2 port. Ok no problem BUT there are a lot of bespoke services with a array of IP addresses. So on the Draytek you could say any destination IP starting 10.240.1.1 to 10.240.254.254 then go out on WAN2. This meant when HQ changed IP addresses of any bespoke services then we didn't have to create new rules on the Draytek to force it out on WAN2 because it always fell into that massive IP range. The issue is this company is huge so central IT are useless informing of any system changes or maintenance so they do not have the luxury of knowing these bespoke service's IP addresses - crazy I know.
So to do this what ive done is
Created a network range object of 10.240.1.1 to 10.240.254.254
Gone to Multipath Rules, created new rule
1) Source is the internal
2) Service is All
3) Destination - added the Network range object created above
4) ltf persistence is By Interface because we don't want it to balance or fail over to any other interface or connection
5) Bind to interface - selected WAN2
I hope someone would be kind enough to confirm this and if you're in the UK and near the south west then ill buy you a pint [:)]
This thread was automatically locked due to age.
