Hi,
I am looking for guidance on troubleshooting the following setup:
We have 2 ISPs: one with 13 usable public IPs (ISP1) and one with 8 usable public IPs (ISP2).
We have 4 internet facing servers (for the sake of this thread) that need both inbound and outbound NATing to occur with their respective individual public IPs and not via masquerade NATing. We need masquerade NATing for the rest of the internal LAN addresses other than the 4 servers.
We have one internal LAN.
When ISP1 goes down we would like fail-over to ISP2.
We have the following setup on the UTM (9.313-3):
Each ISP connection is setup on a separate physical eth interface and defined on the UTM.
Uplink balancing turned on with our ISP1 interface as Active and ISP2 interface as Standby.
We have all of the Public IPs (for both ISPs) for the 4 servers setup as Additional interfaces bound to WAN interfaces connected to the respective ISPs.
We have setup masquerade NAT policies for the internal network > Uplink Interfaces
We have setup individual DNATs and SNATs for each of the 4 servers. 4 policies per server: 2 DNATs (one per ISP public IP) and 2 SNATs (one per ISP public IP).
We have firewall rule Internal (Network) > any > allow as well as firewall rules allowing the incoming traffic from the web to the 5 servers.
DNAT and SNAT work fine when on primary ISP. IPs are separate and traffic flows fine.
Problem:
When we do a fail-over test the servers that have SNATs defined cannot get to the Internet.
Inbound (DNAT) is working fine. Outbound SNAT is where we are having problems.
Any input would be appreciated.
Dave
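For readers wanting to see the same design spelled out in plain rules rather than UTM GUI objects, the following is an added illustration on a stock Linux router using nftables; it is not Sophos UTM configuration and not something from the original post. It assumes interface names eth0 (LAN), eth1 (ISP1) and eth2 (ISP2), an internal server 10.0.0.11, and the RFC 5737 documentation addresses 203.0.113.11 (its ISP1 public IP) and 198.51.100.11 (its ISP2 public IP); all of these are made-up values. The point it shows is that each per-server SNAT is keyed on the outbound interface, so whichever uplink holds the default route after a failover automatically selects the matching public IP, and that the 1:1 rules must sit above the masquerade catch-all, because snat and masquerade are terminating statements and the first match wins.

```nftables
#!/usr/sbin/nft -f
# Added example, not the original poster's configuration.
# Assumed interfaces: eth0 = LAN, eth1 = ISP1, eth2 = ISP2.
# Assumed addresses (RFC 5737 documentation ranges, not real):
#   server   10.0.0.11
#   ISP1 IP  203.0.113.11
#   ISP2 IP  198.51.100.11
# The uplink that currently carries the default route decides
# which of the two interface-keyed rules fires; nothing here
# needs to change when the route flips from eth1 to eth2.

flush ruleset

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Inbound 1:1 (DNAT): one rule per public IP, keyed on the
        # interface the packet arrives on.
        iifname "eth1" ip daddr 203.0.113.11 dnat to 10.0.0.11
        iifname "eth2" ip daddr 198.51.100.11 dnat to 10.0.0.11
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Outbound 1:1 (SNAT) for the server, keyed on the egress
        # interface. Both rules exist at all times; only the one whose
        # interface the routing table picked will match.
        ip saddr 10.0.0.11 oifname "eth1" snat to 203.0.113.11
        ip saddr 10.0.0.11 oifname "eth2" snat to 198.51.100.11

        # Masquerade catch-all for the rest of the LAN. Must come after
        # the per-server rules: snat/masquerade are terminating, so if
        # this line were first the server would leave as the uplink's
        # primary address instead of its own public IP.
        ip saddr 10.0.0.0/24 oifname { "eth1", "eth2" } masquerade
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept

        # LAN to anywhere (the equivalent of Internal > any > allow).
        iifname "eth0" oifname { "eth1", "eth2" } accept

        # Inbound to the server after DNAT; ct status dnat marks
        # packets that were rewritten in prerouting, on either uplink.
        iifname { "eth1", "eth2" } ct status dnat ip daddr 10.0.0.11 accept
    }
}
```

One caveat that matters for a failover test: the rules above only cover address translation. The kernel still needs a route out of eth2 that becomes the default when eth1 is down (a second default route with a higher metric, or a link-monitoring daemon that swaps the default route), and the additional public IPs must actually be configured on eth1 and eth2 so the box answers ARP for them. If the SNAT rule for the standby uplink is present but the default route never moves, outbound packets keep trying eth1 and the symptom looks exactly like a broken SNAT.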