Solved

Sonicwall WAN loadbalancing issues?

Posted on 2010-11-22
4
934 Views
Last Modified: 2012-05-10
Hi Experts,

I have a Sonicwall 2040 configured with WAN failover. I have 2 ISP for 2 internet connections.

ISP1: 206.45.x.24/29 ---> X1 interface.
ISP2: 73.12.x.52/29   ---> X2 interface.

On local network (X0 interface), I also have exchange and web server which go to the public internet. The rules are being set for X1 interface. What do I have to do to make sure when it failover to X2 interface, all the exchange and web servers still can visible to the public?

Thanks.
0
Comment
Question by:SJCA
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:cgaeden
Comment Utility
I believe that you'll need to have external DNS for your mail and web servers setup on the Internet with a low TTL (time to live) for each of their entries. If or when your primary ISP fails, you'll need to have entries setup on your Sonicwall using your alternate ISP's IP addresses that point to your internal servers. Should a failover occur, you would then update the DNS entries for those servers with the alternate ISPs IPs and after the TTL expires traffic will flow to the alternate addresses for those servers.

You could potentially update the IP addresses dynamically using a service like dyndns.org or dnsmadeeasy.com and running a Dynamic DNS client on your servers.

Are you using NAT to pass traffic through to your servers now?
0
 
LVL 1

Author Comment

by:SJCA
Comment Utility
Yes, I'm using NAT to pass traffic.
0
 
LVL 1

Author Comment

by:SJCA
Comment Utility
IS there anyway that I don't have to update my dns entries? I just want the email and web server keep working without having any issue after the failover second ISP.
0
 
LVL 3

Accepted Solution

by:
cgaeden earned 500 total points
Comment Utility
You can use BGP to have a consistent set of publicly routable IP addresses across both ISPs, but appart from that, none that I know of.

The dyn-dns option isn't too bad if you can live with a potential 5 minute interruption in services. It really depends on what your set the TTL at on the DNS server. You can always drop your TTL down for individual servers, but know that you'll increase the number of hits on your DNS server if you do. As the TTL expires, people trying to contact your email or web servers will generate another DNS query for those services.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now