Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1432
  • Last Modified:

Unable to connect inbound traffic through 2nd WAN of firewall

We have a very odd problem with an SBS 2011 server system.

We have a ZyXel USG-50 firewall connected to two ADSL lines. Line 1 works perfectly, and SMTP, PPTP etc route inbound to the server.

However WAN 2 is configured with identical rules but does not work properly. If we disable WAN 1 interface then we can connect inbound using SMTP, VPN, FTP, whatever we like. As soon as WAN 1 is enabled, the firewall reports ACCESS FORWARD in the logs when we try to VPN on WAN 2, but nothing appears to hit the server. It seems that we have a NAT issue but I am at a loss on this.

Can anyone throw some ideas this way? I have tried everything I can think of!
0
hfnet
Asked:
hfnet
1 Solution
 
Rick_O_ShayCommented:
It sounds like the firewall is set up in some knid of active/standby mode for the WAN and either not configured for or not able to load balance with the two links.
0
 
kadafitcdCommented:
Some of these Zyxel USG's only use the WAN2 as a failover and when WAN1 is active it takes all of the incoming requests/sessions.  I'm not positive on your model.  One thing I'm sure of is that Zyxel has probably the best tech support team I've ever dealt with.  They are willing to remote into the USG and troubleshoot your problems for you and fix it.  Your best bet would be to call them and make sure it is possible and if it is they can help you accomplish it.
Zyxel Support

Good Luck HTH.
0
 
hfnetAuthor Commented:
It's set up in active/active mode and we're using WRR (Weighted Round-Robin), having tried LLF (Least Load First) with no luck. ZyXel WAN config
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
hfnetAuthor Commented:
Well I've been on the phone with ZyXel for over half an hour and they have not been able to offer any advice except to upgrading the firmware...
0
 
kadafitcdCommented:
So why wouldn't you upgrade your firmware?  They upgrade their firmware to fix problems with it.  Maybe it is a problem...
0
 
hfnetAuthor Commented:
It's not a problem updating the firmware, but I am not onsite at the moment to do it. However, if WAN 2 works when you disable WAN 1, that would say that there is possibly a problem with routing that someone may have seen before. But I am quite happy closing the question off.
0
 
kadafitcdCommented:
I wouldn't close the question until you get it fixed.  If the firmware upgrade fixes it then go ahead and close it.  We are here to help.  I have seen the problem you are talking about and it is usually because the gateway is set to failover mode and basically pushes everything through the primary WAN1.  But as you've shown that it isn't then maybe there is a problem with the firmware.  That is all.  I do still think Zyxel's support is really good.
0
 
hfnetAuthor Commented:
Well I am hopefully going onsite tomorrow morning, so we'll see what happens.

Thanks all for your help so far.
0
 
hfnetAuthor Commented:
Just an update to close this question; We were unable to do what we needed with the ZyXel, but when we put a Sonicwall TZ200 in, it worked correctly first time. Seems to be something wrong the the ZyXel.

Thanks all.
0
 
digitapCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now