Setup a failover ISP

Posted on 2008-10-13
Last Modified: 2012-05-05
We have a small company that has several remote sites. We use Terminal Services to connect thru the internet to the server. Users start a desktop terminal services icon that points to mycompany.com.

I have a SonicWall TZ170. I have two internet providers, ISPA and ISPB. I have a static ip from each provider: a.a.a.a and b.b.b.b. I have set provider ISPA up as the primary provider.

I have an A record at my hosting site that points to a.a.a.a. I also want the hosting site to point to b.b.b.b. Then, when users start up the TS icon, if ISPA is down, they will go to ISPB.

My first question is, am I handling this in the correct manner? If so, can I have two A records that point to different static IPs? If not, what is the best way to accomplish this task?
Question by:rodneygray
Expert Comment

by:VCBooth
ID: 22703265
Is the TZ170 using Enhanced OS? If so, then you simply create two address objects, Address 1 with a.a.a.a and Address 2 with b.b.b.b. You then create a group called "Addresses" and add Address 1 and Address 2.

Create your firewall and NAT policy to allow Addresses access to your internal server. Caveat: you can only NAT an internal server to a single IP outbound (multiple inbound). So NAT it to a.a.a.a, which is on X1. With WAN failover, the SonicWALL automatically knows to NAT it to X2, so don't worry about it.
Author Comment

by:rodneygray
ID: 22703394
Sonic Wall OS: SonicOS Enhanced 3.1.0.11-30e
I assume I create the address objects on the SonicWall. Do I create those in access rules?

How would my remote sites get to the primary site if primary ISPA fails? When their desktop TS icon is started, it points to mycompany.com. The A record IP address would cause DNS to point to the router that no longer functions. Wouldn't DNS have to be set up to point to ISPB address b.b.b.b in that case?
I just don't see how addresses access to internal server would work if DNS does not point to the site.

Thanks for your help in this matter.
Accepted Solution

by:
gunguy earned 500 total points
ID: 22955374
VCBooth is correct on the SonicWALL config, but what I believe your real question is, is a DNS question.

You can NOT have two A records of the same name point to two different IP addresses, ex. ts.mydomain.com cannot point to a.a.a.a AND b.b.b.b.
You would need TWO A records: tsa.mydomain.com -> a.a.a.a and tsb.mydomain.com -> b.b.b.b. You could then set up two TS icons for your users, a primary and a secondary. Instruct them to use the primary and, if it does not work, then use the secondary.

There are some dynamic DNS providers that may allow you to run an agent on a PC at your inside location such that if your SonicWALL had to fail over, it would automatically update your DNS server to the secondary IP. This is not a 'normal' industry standard type of thing. Not something that I would recommend for my clients, but it may work for you.

Really, the best solution is to use a VPN from each remote site to your primary location. The SonicWALL VPNs can be configured with secondary peers, so if your primary ISP is down the tunnel will automatically come back up on the secondary provider. This works pretty darn well, keeps terminal services CLOSED to the outside world, and gives you stronger encryption of the data being transferred via TS.
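
The primary/secondary icon approach from the answer above can be collapsed into a single launcher that probes each name in order. This is an added example, not code from the thread or from SonicWALL; the hostnames reuse the answer's tsa/tsb placeholders and port 3389 is assumed to be the default Terminal Services port. It still requires Terminal Services to be reachable from the internet, which the VPN option in the answer avoids.

```python
import socket

RDP_PORT = 3389  # assumed default Terminal Services / RDP port

# Placeholder names from the answer: tsa -> a.a.a.a (ISPA), tsb -> b.b.b.b (ISPB).
ENDPOINTS = ["tsa.mydomain.com", "tsb.mydomain.com"]


def is_reachable(host, port=RDP_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers DNS failure, refused connection, unreachable network and timeout.
        return False


def pick_endpoint(endpoints, port=RDP_PORT, timeout=3.0, probe=is_reachable):
    """Return the first endpoint, in priority order, that answers; None if none do."""
    for host in endpoints:
        if probe(host, port, timeout):
            return host
    return None


def mstsc_command(endpoints=ENDPOINTS, port=RDP_PORT, timeout=3.0, probe=is_reachable):
    """Build the Remote Desktop client command line for the first live endpoint."""
    host = pick_endpoint(endpoints, port, timeout, probe)
    if host is None:
        raise RuntimeError("no terminal server reachable: " + ", ".join(endpoints))
    return ["mstsc", "/v:{}:{}".format(host, port)]


if __name__ == "__main__":
    import subprocess

    # On a Windows client this opens the session against whichever ISP link is up.
    subprocess.run(mstsc_command(), check=True)
```
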
Author Closing Comment

by:rodneygray
ID: 31505586
The VPN idea is probably the best idea and is the one I will use.