MPLS Internet breakout on Watchguard
Posted on 2012-08-15
I have a customer with four sites, connected via MPLS. Each site has internet through fibre connections separate to the MPLS.
They are now going to be using the internet breakout on their MPLS and the fiber lines will be disconnected.
They have a separate fiber line and bonded ADSL line to the MPLS at each site (one for redundancy).
The MPLS provider has their own routers at each site and these plug into our Watchguards (XTM 505), currently as trusted interfaces with all traffic allowed both ways.
In order to use load balancing with the Watchguard I want to change these to External interfaces; however, when I do, the internet works via the breakout but the LAN traffic between sites doesn't. I have a feeling that this is a NAT issue but cannot think where to set it. Any ideas how to get all traffic flowing this way? (The rule is still any any, as the MPLS is providing protection via their firewall cluster.)
I have it working as a pair of trusted interfaces with a metric of 1 on the Fiber and a metric of 10 on the ADSL, and all traffic is flowing; however, when I pull the plug on the Fiber the traffic stops for everything? (All of the static routes have been entered.) Preferably I want the MPLS interfaces to be set up as External on the Watchguard to allow true failover to work, but at the moment only internet is working?
Any Watchguard experts out there who can help?