BPOI_JVSE

Watchguard Firebox Get Internet Connection to other site through MPLS
Our company has 3 sites connected with an MPLS connection, and all of the sites have only 1 internet connection, E1 2 Mbps. We want to have a failover internet connection: if ever the internet goes down, it will get an internet connection to other sites. What will be the prerequisites or steps that we need to accomplish?

Connection Between Sites.
Routing: Dynamic Routing and Enable the use of non-default is checked
1. Primary connection between sites is MPLS
2. Failover connection between sites is BPOVPN
* BPOVPN failover from MPLS is working.
* BPOVPN at every site is working.

Internet connection at every site: 2 Mbps E1

Goal: If the internet connection of one site is down, we want to get an internet connection to the other site. It will pass through using the primary MPLS connection.
Network-Diagram.jpg

setasoujiro

I'm not sure what you mean...
I understand you have 2 internet outbreaks on each site:
1 IPVPN, and 1 other outbreak.
When the IPVPN goes down you want to use the other line for internet and a BOVPN to connect to the other sites?

If this is the case you would need to buy a Fireware XTM PRO key to enable multi-WAN failover and policy-based routing.

BPOI_JVSE

ASKER

First of all, thanks for your response.

Currently we have (4) four sites. All sites are connected through MPLS (primary connection between sites), and our failover connection between sites is Watchguard BPOVPN (dynamic routing and "Enable the use of non-default" is enabled).

All (4) sites have only (1) Internet connection, which is 2 Mbps.
All (4) sites are Fireware XTM PRO.

Goal: If the internet connection of (1) site is down or not available we want to get an internet connection to the other site.

Do I need to add additional routes to MPLS router?

setasoujiro

The problem is that you have defined the MPLS as trusted, from what I see in the schematic.
Otherwise you could just use WAN failover on the Watchguard and use the MPLS as backup.

Then you would add a route to the MPLS router of site B, e.g.: 0.0.0.0 --> Watchguard site A.
Then on the Watchguard on site A you would say:
HTTP from= Network IP site B to "external"

Sorry if I'm not too clear :)

ASKER CERTIFIED SOLUTION
setasoujiro

Thanks for your response,

I can understand the instructions it is clear, I will try it Tom.

1. I will change MPLS interface to External from Trusted
2. Then I will add a route to the MPLS router < which router? Local router S0/0 or PE router which is located at our Service Provider S0/0.1? Site A S0/0 = 10.205.24.2, S0/0.1 = 10.205.24.1
3. Then I will create an "ANY" policy from MPLS & Any Trusted to Any Trusted & MPLS.


Thanks


setasoujiro

You need to add it to the router just behind the firewall from which you want to redirect the traffic,
and as gateway enter the IP of the firewall of the receiving site.


Hi Guys,

I have not yet changed anything you have suggested, but can you please help me analyze the screen capture of a traceroute to google.com from when I tried the instructions of our Firebox vendor?



Thanks
Trace-Route-MPLS.JPG

setasoujiro

Your traceroute is bouncing back and forth between your MPLS router FE0/0 and the FE0/1.
This is because there is no route to the said IP (google.com).
This is why I said you need to add a route for this to one of the other sites, and then make the firewall on the other site accept the traffic and redirect it over the Inet outbreak.
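
Added example (not part of the thread or any poster's code): a small Python check for the symptom described in the reply above, a traceroute whose hops keep revisiting the same router addresses because no usable route to the destination exists. The tracert text and every address in it are constructed for illustration.

```python
import re

# Constructed Windows tracert output; every address here is made up.
SAMPLE_TRACERT = """\
Tracing route to google.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.10.1
  2     1 ms     1 ms     1 ms  10.0.0.1
  3     2 ms     2 ms     2 ms  10.0.0.2
  4     3 ms     3 ms     3 ms  10.0.0.1
  5     4 ms     4 ms     4 ms  10.0.0.2
  6     *        *        *     Request timed out.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")      # "<hop number> <rest of line>"
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # dotted-quad IPv4 address


def parse_hops(text):
    """Return [(hop_number, address or None)] for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines and blank lines
        ips = IP_RE.findall(m.group(2))
        # With name resolution the address is the last token: "host [a.b.c.d]".
        hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops


def find_routing_loop(hops):
    """Return (first_hop, [addresses in the cycle]) or None.

    A forwarding path never visits the same interface twice, so the first
    repeated address marks a loop; the cycle is everything in between.
    """
    seen = {}
    for ttl, ip in hops:
        if ip is None:
            continue  # timed-out hop, nothing to compare
        if ip in seen:
            start = seen[ip]
            return start, [a for t, a in hops if start <= t < ttl and a]
        seen[ip] = ttl
    return None


if __name__ == "__main__":
    print(find_routing_loop(parse_hops(SAMPLE_TRACERT)))
```

The addresses returned in the cycle identify the two devices whose routing tables need checking: each is forwarding the destination back to the other instead of toward an internet exit.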

Hi,

I tried to configure what you have suggested but got the same result. Do you think the MPLS IPVPN might be blocking the Internet traffic?

setasoujiro

I can't be sure about that, but did you enter a route on the IPVPN router?

Yes, I added a route on the LOCAL IPVPN router going to the other Watchguard.

setasoujiro

Do you see the traffic arriving on the watchguard in the other site?

No, I do not see traffic arriving on the Watchguard in the other site.

How can I verify if our MPLS would not allow us to send internet traffic?

setasoujiro

I would say ask the provider that installed the mpls.
But normally if you can access the router and add routes yourself, you should be able to.

Hi,

I can access the CE router, but I cannot add PE router.  


I also attached the configuration of our CE router. I could not understand the MPLS configuration of our provider.


Thanks


SITE-A.txt
SITE-B.txt
SITE-C.txt
SITE-D.txt

Hello
I manage an account with 8 remote sites, all with closed MPLS networks. Each remote site connects to HQ, where their servers are on premise, for all critical applications and internet access. I do not provide MPLS BSI on any of the locations; the customer has their own Watchguard Firebox separate from the services I am aware that they have with me.

I am not familiar with the Watchguard product set... I assumed this was strictly a firewall but I may be wrong. Can a closed MPLS network get ISP services from a specific Watchguard product set? If they cannot, then they must have an alternate ISP provider connecting them to their remote sites.

Please help or let me know where I can find more information on Watchguard products and services.  Thanks.
