EFW Support

Support => General Support => Topic started by: TheEricHarris on Friday 24 July 2009, 02:50:33 pm



Title: Questions on dual WAN links
Post by: TheEricHarris on Friday 24 July 2009, 02:50:33 pm
Currently our ENDIAN firewall (2.2 final) is connected to a T1.  Works great.  We are now ordering a 7mbps DSL line and would like to bond these links together.  Can ENDIAN do this?  I see it can do failover, so if WAN1 dies then WAN2 becomes active.  If we can't bond them, can we specify IP's/subnets to use WAN2, while the others use WAN1?  So for example, we would route our IT subnet and mail server over WAN2 and the rest of the company over WAN1.

Trying to to get some ideas on how to do spread the load of our Internet connection over our multiple links.


Thanks :)


Title: Re: Questions on dual WAN links
Post by: TheEricHarris on Monday 27 July 2009, 02:31:43 am
No one?  This place is dead!

I'm thinking of having pfSense be my edge firewall/router and ENDIAN just be my web poroxy/VPN/smtp proxy.


Title: Re: Questions on dual WAN links
Post by: magu on Monday 27 July 2009, 07:45:41 am
I don't believe the current version of the community edition is capable of doing that. Sounds more like an enterprise feature, for which I'd say you should try Endian's s team.

[EDIT: Profanity filter a bit too eager to block out words. Can't even write A S S U M E?


Title: Re: Questions on dual WAN links
Post by: gyp_the_cat on Sunday 16 August 2009, 02:42:07 am
Hiya Magu,

Probably not exactly what you're looking for but I've posted this on another topic, could be quite similar what you're looking for.

And you're right it can be quite quiet in here sometimes ;)

Gyp

Hiya Guys,

We have a highly available and load balanced  of Endians, and I dare say you could probably fix the problem by using similar methods...

We only use our Endians for web content filtering NOT FOR VPN

We have two Endian boxes.

Our Internal DNS looks like the following:
Quote
endian1.network.local = 192.168.1.10
endian2.network.local = 192.168.1.11
proxycluster.network.local = 192.168.1.10, 192.168.1.11 (TTL set to 2 minutes!)

Our external DNS looks like this:
Quote
proxy1.network.com = x.y.z.10
proxy2.network.com = a.b.c.10

We set our network users proxy to proxycluster.network.local, and if we have a problem we can just delete one of the hosts our from the Round Robing A Record, otherwise we have load balancing on our proxies.

We do have high availabilty on our VPN with a commercial product, we did this by using a similar approach, short TTL times, and multiple A name pointers to end points.

It's amazing what you can do with DNS ;)  This may not be exactly what you're looking to do I do appreciate that...

Gyp