Solved

Setup a failover ISP

Posted on 2008-10-13
Last Modified: 2012-05-05
We have a small company that has several remote sites. We use Terminal Services to connect thru the internet to the server. Users start a desktop terminal services icon that points to mycompany.com.

I have a SonicWall TZ170. I have two internet providers, ISPA and ISPB. I have a static ip from each provider: a.a.a.a and b.b.b.b. I have set provider ISPA up as the primary provider.

I have an A record at my hosting site that points to a.a.a.a. I also want the hosting site to point to b.b.b.b. Then, when users start up the TS icon, if ISPA is down, they will go to ISPB.

My first question is, am I handling this in the correct manner? If so, can I have two A records that point to different static IPs? If not, what is the best way to accomplish this task?
Question by:rodneygray
4 Comments
 
LVL 7

Expert Comment

by:VCBooth
ID: 22703265
Is the TZ170 using Enhanced OS? If so then you simply create two address objects, Address 1 with a.a.a.a and Address 2 with b.b.b.b. You then create a group called "Addresses" and add Address 1 and Address 2.

Create your firewall and NAT policy to allow Addresses access to your internal server. Caveat - you can only NAT an internal server to a single IP outbound (multiple inbound). So NAT it to a.a.a.a which is on X1. With WAN failover, the SonicWALL automatically knows to NAT it to X2 so don't worry about it.
0
 
LVL 1

Author Comment

by:rodneygray
ID: 22703394
Sonic Wall OS: SonicOS Enhanced 3.1.0.11-30e
I assume I create the address objects on the SonicWall. Do I create those in access rules?

How would my remote sites get to primary site if primary ISPA fails? When their desktop TS icon is started, it points to mycompany.com. The A record IP address would cause DNS to point to the router that no longer functions. Wouldn't DNS have to be set up to point to ISPB address b.b.b.b in that case?
I just don't see how addresses access to internal server would work if DNS does not point to the site.

Thanks for your help in this matter.
0
 
LVL 1

Accepted Solution

by:
gunguy earned 2000 total points
ID: 22955374
VCBooth is correct on the sonicwall config, but I believe your real question is a DNS question.

You can NOT have two A records of the same name point to two different IP addresses, e.g. ts.mydomain.com cannot point to a.a.a.a AND b.b.b.b.
You would need TWO A records: tsa.mydomain.com -> a.a.a.a and tsb.mydomain.com -> b.b.b.b. You could then set up two TS icons for your users, a primary and a secondary. Instruct them to use the primary and, if it does not work, then use the secondary.

There are some dynamic DNS providers that may allow you to run an agent on a PC at your inside location such that if your SonicWALL had to fail over it would automatically update your DNS server to the secondary IP. This is not a 'normal' industry standard type of thing. Not something that I would recommend for my clients, but it may work for you.

Really, the best solution is to use a VPN from each remote site to your primary location. The SonicWALL VPNs can be configured with secondary peers, so if your primary ISP is down the tunnel will automatically come back up on the secondary provider. This works pretty darn well, keeps terminal services CLOSED to the outside world, and gives you stronger encryption of the data being transferred via TS.
0
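
The accepted answer's point that a VPN keeps Terminal Services closed to the outside world can be verified from a host outside the network once the tunnels are up. The following is an added example, not part of the original thread; the two WAN addresses are constructed stand-ins for a.a.a.a and b.b.b.b, and TCP 3389 is assumed to be the Terminal Services port in use.

```python
import socket

RDP_PORT = 3389  # assumption: Terminal Services listens on the default port


def tcp_state(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: the firewall dropped the probe.
        return "filtered"


def audit_wan_exposure(wan_addrs, port=RDP_PORT, probe=tcp_state):
    """Probe the port on every WAN address.

    Returns (states, exposed): the state per ISP label and the sorted
    labels on which the port still accepts connections from outside.
    """
    states = {label: probe(addr, port) for label, addr in wan_addrs.items()}
    exposed = sorted(label for label, state in states.items() if state == "open")
    return states, exposed


if __name__ == "__main__":
    # Constructed documentation addresses standing in for a.a.a.a and b.b.b.b.
    wan = {"ISPA": "192.0.2.10", "ISPB": "198.51.100.10"}
    states, exposed = audit_wan_exposure(wan)
    for label, state in states.items():
        print(f"{label} {wan[label]}:{RDP_PORT} -> {state}")
    if exposed:
        print("Terminal Services still reachable from outside via:", ", ".join(exposed))
    else:
        print("Terminal Services not reachable on either WAN address")
```

Run it from outside the office network against both static IPs; with the VPN-only design both should report closed or filtered, including while the firewall is failed over to the secondary provider.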
 
LVL 1

Author Closing Comment

by:rodneygray
ID: 31505586
The VPN idea is probably the best idea and is the one I will use.
0

Question has a verified solution.