EFW Support

Hi, i'm new in using EFC and i'd like to use it for 2 new buildings. That's the idea: 2 router connected to endian firewall in load balancing. Then from firewall to two switch in two buildings. The question are:

- Is it possible to connect 2 wan in load balancing? I know how use failover but don't know how to manage a load balancing.
- How many zones can i create/manage? I mean I want to create 3 vlan in every switch, 3 for building 1 and 3 for building 2 and i'd like to manage them also with Endian.

Thanks
Alderaan

What i exactly need to do is: route packages based on type: traffic http, https, imap, pop3, smtp, on red interface1 all the other on interface 2.

Or i'd like to select red interface 1 or interface 2 with a round robin algo so route packages on fist interface with less traffic.

Hi Alderaan

I'm in a similar situation. Currently we have 2 sites each with one Broadband connection.

Were adding an extra site and also implementing a VoIP telephone system to cover the 3 sites.

We will be having 2 broadband connections at each site.

At one site where the phone system is hosted I need to configure VOIP traffic down one broadband and all other traffic down the other . At the other sites I will use the second broadband as a fail over.

I'm not sure whether (if its even possible) to have 2 greens to make routing traffic easier. green 1 is default gateway for data and green 2 is default gateway for voip.

Sorry that doesn't help you much, but I didnt want to open up a new thread.

Thanks

Adam

No problem for your post. looking on google i've found this : "HOW TO LOAD BALANCE WITH 2 OR MORE RED NIC"

This seems to be not so far from my idea, the only cons is that you need to integrate this by concole and not using endian gui.

Yeah Ive seen it also
http://foolbaby.wordpress.com/2008/01/06/load-balance-with-2-or-more-red-nic-with-endian-firewall/

Im not sure if its possible to have both red interfaces running at the same time.
I will be using policy routing when my solution is in place and when routing traffic you have the option to pick an uplink. I can only assume from this that you can have both uplinks on at once.

Ive had a look through the documentation and it only talsk about configuring the second uplink as a backup.

I hope someone can help us.

My last update in this project will be to manage 3 incoming wan from 3 different router and load balancing them basing on type of package.  Another way will be to round robin them.

Check out this from the documentation

http://docs.endian.com/system.html#network-configuration

"Each uplink can be operated in either managed mode (default) or manual mode. In managed mode Endian UTM Appliance monitors and restarts the uplink automatically when needed. If managed mode is disabled, the uplink can be activated or deactivated manually. There will be no automatic reconnection attempt if the connection is lost. By clicking on the reconnect link you can restart an uplink. This can be used for troubleshooting."

Also, this from older documetation talks about what i want to do with multiple green interfaces.

http://docs.endian.com/archive/2.1/efw.system.network_configuration.html

"You can assign multiple interfaces per zone. Multiple interfaces can be added by pressing Ctrl and clicking on the desired interfaces. The interfaces will then internally bridged together, so they have the same functionality like a switch."

Ok, so i can assign multiple interfaces to one zone. They are bridges so i can manage them as a switch. But how manage them, i mean, how can i assign to interface 1 a certain kind of traffic and to interface 2 other? My problem is that. I want to use both router and divide traffic basing on kind of protocol.

For traffic shaping based on protocols,  see the menu of outgoing firewall. But i belv that you cannot do routing/policy based routing based on protocols because Endian consider red interface as one physical connection to outside world. You can do policy based routing but that would be independent to protocols :-( i will keep looking into this and if i may find any solution then i will get back to you.

Hi Guys,

I am also trying to bond or load balance two ADSL lines. All I have gathered so far is that with multiple ADSL lines, you cannot bond them, only load balance but they act individually (i.e. two lines of 8Mbs as one... NOT 'one' line of 16Mbs).

After extensive googlin', the foolbaby link seems the only possible way of making this happen (besides a routing policy). :(

The only last resort I found would be to place a box running pfSense between your ADSL routers and your Endian box. Info here: www [dot] smallnetbuilder.com/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense As pfSense supports load balancing.

I would really appreciate any updates on this though.

Thanks

We already do this.  I have an EFC with two Red interfaces.  Points to consider:

1. Policy routing will be your tool for defining which pipe data is sent out.
2. If you are using the router to handle VOIP packets, get to know the QoS engine and settings.  Not planning for this is planning to fail and field constant complaints about call quality.  Make sure you create a rule for "everything else" that specifies the maximum that it can use, otherwise at times the QoS engine doesn't know what do with it.
3. Many commercial SIP trunk providers have their setups tied to the IP, so they will not failover. (It might be worth it to have at least one POTS line for FAX, alarm system and emergency fail over)

Enjoy!

Thanks Jeremy.

Ill have a look a the QOS. Its something ive not used before so will have to try and get my  around it first.

Thanks

Adam

Hi again.

I tried setting both WANs up the other week and as soon as i switched the second WAN on, all internet access stopped.

Am i doning something worng.

I know how to set one up as a failover, but this isnt what im after. I need to have both Red connections on at the same time so i can route voip traffic down one link and everything else down the other.

Thanks

Adam