Firewall interfaces

Answered Question
Mar 21st, 2008

Say you have three interfaces on a firewall such as a PIX. Two of the interfaces are WAN links (broadband internet access, different ISPs) and one is your LAN. The LAN interface address is what your LAN uses as its gateway. What determines which WAN interface internet traffic initiated from the inside goes to, assuming you permit the web traffic for both?

Would you have to choose which one by setting up NAT, Routes, etc, or could you enable LAN users to access both, thereby having a failover option in case one WAN link goes down?

Correct Answer by sundar.palaniappan about 8 years 8 months ago

You would set up one as the primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules, and you may want to configure IP SLA to track the availability of the next hop via the primary link.

HTH

Sundar

Overall Rating: 4.5 (2 ratings)