Firewall interfaces

Answered Question
Mar 21st, 2008

Say you have three interfaces on a firewall such as a PIX. Two of the interfaces are WAN links (broadband internet access, different ISPs) and one is your LAN. The LAN interface address is what your LAN uses as its gateway. What determines which WAN interface internet traffic initiated from the inside goes to, assuming you permit the web traffic for both?

Would you have to choose which one by setting up NAT, routes, etc., or could you enable LAN users to access both, thereby having a failover option in case one WAN link goes down?

Correct Answer by sundar.palaniappan about 9 years 1 month ago

You would set up one as the primary ISP link and the second one as a backup. You cannot load balance traffic out both interfaces. Point the default route out via the primary link and another default route with a higher admin distance via the second link. Set NAT rules, and you may want to configure IP SLA to track the availability of the next hop via the primary link.


HTH


Sundar

Overall Rating: 4.5 (2 ratings)
sundar.palaniappan Fri, 03/21/2008 - 12:40