Hi all, i'm running a network with a number of machines that share an internet connection of the main server (active directory setup). Proxy fields are enforced through GPO and i have SafeSquid providing filtering etc.
However, the main net connection (free through parent company LAN that we're all attached to) is a bit shaky so i was looking to get a secondary net connection e.g ADSL etc. Question is, how do i share/balance the internet connections?
I'd thinking of setting up a new machine to act as the ADSL gateway. One option would be to simply flip the proxy settings in active directory for all users to change the gateway of all machines. Not ideal for many reasons not least that it requires intervention.
The ideal is that perhaps when the main connection dips below a certain accepted speed the other kicks in or perhaps for certain critical sites, the faster of the 2 connections is chosen.
Anyone any general thoughts on this or software that you might use? I've heard of a product called Net Balancer, anyone had any experience with this or anything else?
Thanks
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Since I sometimes misunderstand someone's description in their question, here is a disgram of how I interpret your question and what you propose to do.
drawing4
Hey, thanks for mapping that out and yes, thats pretty much what we have and what we would have liked on the proposed image. I guess i was thinking perhaps on a simplistic level in terms of switching web proxies on the browser alone (IE) without affecting the machines general parent provided net connection.... crucially we have a number of webapps that are becomming more important to us day to day. Perhaps even if I could setup the proxy to divert specific url requests through a specific connection this might be progress.
P.S on a different note, what app did you use to map out the diagram? could be very useful, thanks.
I used Microsoft Office Visio 2007.
Anyway, if you do as the diagram shows,..then you need to:
1. Each LAN uses their own WAN Router as the default gateway of all their machines.
2. The WAN Router in each LAN uses the Firewall in the same LAN as its Default Gateway. This may mean that it will also need a static route to make sure changing the DFG does not "break" the WAN connection.
Some firewalls can have more than one internal type nic which allows the WAN link to run between the two "third nics" of each firewall this simplifies routing. My diagram does nto reflect this design.
3. Each Firewall is configured with a Static Route the tells it to use the WAN Router in that same LAN as the "path" to the opposite LAN.
4. Each Firewall must include the IP Range of Both LANs in its Local Addess Table (LAT). Each brand of Firewall may have a different name that the LAT is called. You'll have to figure that out.
Business Accounts
Answer for Membership
by: pwindellPosted on 2009-08-25 at 07:28:50ID: 25177957
As I think you have already noticed,...this is not so simple.
You do not really have an "Internet connection" right now,...you have a private WAN Connection to the Parent Company,...the fact that they give you internet access at their end is not really relevent, or at least only semi-relevant.
What you have is a multi-subnet network. The fact that a WAN link connects to two, and that the "other" one is the parent company is irrelevant. The router between you and the parent company needs to be the Default Gateway of all the machines,...it should already be and you should not even consider changing that.
But what you have to do is change the Default Gateway of the Router itself to point to a firewall that you add to your LAN for an internet connection that you add. This can sometimes break the communication to the parent companyif not done correctly, so you need to make sure it is done correctly by someone who understand how to deal with any side effects.
There will be no redundancy,..there will be no fail over from one connection to another,...just ain't gonna happen.
If you have a multi-segment LAN with your own LAN Router between them,...not counting the Parent Company segment and thier router,...this would be extremely easy to deal with. But unfortunately your only LAN Router (which is the central routing decision maker for the LAN) is probably not completely under your control and involves the parent company with anything you do with it.