Solved

NETGEAR SRX5308-100AJS ProSafe Quad WAN Gigabit SSL VPN Firewall SRX5308 - Router + 4-port switch

Posted on 2010-11-07
7
1,881 Views
Last Modified: 2012-05-10
I have purchased a  NETGEAR SRX5308-100AJS ProSafe Quad WAN Gigabit SSL VPN Firewall SRX5308 - Router + 4-port switch for a client. This client requires two live WAN ports, one to the internet and a second for a corporate intranet. I spoke to Netgear sales regarding this and they recommended the NETGEAR SRX5308. The requirements of the project are to allow internet traffic through one WAN port (WAN1) and corporate Intranet traffice through the second WAN port (WAN2). I have configued both wan ports with static ip addresses, configured protocol binding for HTTP and HTTPS to both ports and configured default routes for the intranet traffic to go through WAN2. The router has two settings, setting a primary WAN port (One port live, a second port set as a failover port and the other two ports are disabled); or load balanced. The router has been set to load balanced. I have been informed by Netgear second level support that there is no need for a default route as it will work without one. I have found that this is not the case; the router is still load balancing traffic no matter what the target network in a 50/50 pattern. So the first WAN request will go through WAN port 1 and the second request will go through WAN port 2, the third request will go through WAN port 1 and the fourth through WAN port 2. (and the load balancing continues...)

I have the router configured as I requrie it to work, but need to find out if anyone can assist in setting a default route for the traffic to WAN port1 if it is not routed out through to the Intranet port (WAN2). The default routing section of the router allows setting a specific route for an ip address or a range of addresses within a single network range; but it will not allow the range to be set accross all networks. (ie I can set a default route for 64.22.66.444/32; or 64.22.66.0/24; but not for 1.1.1.1 - 224.254.254.254 - all networks that do not meed the above default routes)

PS I am working with Netgear second level support, but want to see if I can get a quicker response and solution to my issue...

Thanks for the help in advance.
0
Comment
Question by:dwknight
  • 4
  • 3
7 Comments
 

Author Comment

by:dwknight
ID: 34083118
(ie I can set a default route for 64.22.66.444/32; or 64.22.66.0/24; but not for 1.1.1.1 - 224.254.254.254 - all networks that do not meed the above default routes)

The above section should read as follows: (no matter how much proof reading is done...)

 (ie I can set a default route for 64.22.66.44/32; or 64.22.66.0/24; but not for 1.1.1.1 - 224.254.254.254 - all networks that do not meet the above default routes)
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 34131766
generally, you set default routes by subnet mask IE 0.0.0.0 / 0 (or subnet of 0.0.0.0) instead of setting the actual addresses 1.1.1.1-254.254.254.254.
0
 

Author Comment

by:dwknight
ID: 34132711
Thank you for your suggestion, but the static route section of the netgear will not allow 0.0.0.0 - it is detected as a an invalid entry.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 27

Expert Comment

by:Steve
ID: 34135372
The user guide advises that the router should have set up a default route automatically if you have a vpn setup.
ftp://downloads.netgear.com/files/SRX5308_RM_29Apr10.pdf

if not, try 1.1.1.1 with subnet of 0.0.0.0 and see if that works.
0
 

Author Comment

by:dwknight
ID: 34143938
Thanks for the suggestion, but I have no need for a VPN to be set up. I am looking to have a straight router with 2 active WAN ports only.
0
 
LVL 27

Expert Comment

by:Steve
ID: 34158612
I wa just quoting the user guide, not suggesting a vpn.
0
 

Author Closing Comment

by:dwknight
ID: 34280127
I am accepting this answer, even though, eventually Netgear support advised that a default route could not be manually set on this device because it is a true load balancing device. Thank you for your assistance anyway.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now