

Two Networks - One ISP

Posted on 2013-05-28
Medium Priority
Last Modified: 2013-05-28
I hope I can explain this well enough for someone to help me.

I have two networks in my building. They both have a totally separate network infrastructure. Each network has its own firewall (Sonicwall NSA 3500) and each has a different Internet Service Provider.

On one of the networks (call it network-1) I have a fiber primary WAN connection and a Comcast 100mbps business class line on a secondary WAN as a fail-over.

On the second network (call it network-2) I have a fiber primary WAN connection, but no secondary WAN as a fail-over.

What I want to do is use the Comcast 100mbps business class line as a fail-over WAN on both networks. I have 5 static IP addresses with the 100mbps line and I think I can just assign an IP address to the secondary WAN on both networks, give them the same gateway address, and that will work.

My problem is, I can’t have connectivity between these two networks. I’m concerned that because the two secondary WAN interfaces have addresses that are on the same segment there will be problems.

Can anyone give me advice on this? Is there a way of doing this safely?
Question by: TwoKJM
LVL 22

Assisted Solution

CompProbSolv earned 750 total points
ID: 39201914
Since the Comcast WAN is separated from your two LANs by the firewalls, they are really no more connected to each other than they are to anyone else on the internet.  You should be fine.
LVL 26

Accepted Solution

Fred Marshall earned 750 total points
ID: 39202188
Yet, I presume the two networks are collocated so that the physical connection you want is available.....

Here's what I do with no worse "interconnection" than being a node on the internet:

Install an "Internet Switch" that is connected between the Comcast interface and the other public IP addressed devices on your side of things.

Then you connect the WAN ports to the switch and assign them out of your public IP address block.  
And, as you plan, point to the appropriate gateway addresses.

You can have *all* the public addresses running through this one switch - even if there are different ISPs, address blocks, etc.  Then, if it's a managed switch, you can monitor what's going on.  If the networks are protected from the internet, then they are protected from this "mini-internet" at the switch.

Expert Comment

ID: 39202330
If I'm understanding your question, you have two Internet connections, and two separate internal networks. And you want to be able to share the two Internet connections (one as primary; one as failover), without allowing connectivity between the two internal networks.

The problem with using a switch is that you won't have the failover. At best, you'd be able to manually set the routers to the second default gateway, in the event the primary fails. But that's certainly not automatic.

I'd suggest getting a decent router - I'd use a SonicWALL, but you'd be fine with any decent brand - and connecting both Internet routers to it: One as Primary WAN; the other as Failover. Then I'd connect each network's switch to that router, but define the ports as being in different networks. (I.e. port 1 is in, and port 2 is in Each network will connect to its own router port, and that router can reach the Internet using either ISP, with automatic failover. You can configure firewall rules in the SonicWALL to prevent the two internal LANs from talking to each other.

Alternately, you could get two additional routers - one for each internal LAN, and then feed both of THEM to the centralized Internet router (which is still connected to both ISP routers.) In this model, you would keep all the LAN ports on the central router in the same LAN.

Author Comment

ID: 39202371

I actually have two Sonicwall Firewalls with multiple WAN interfaces. One Firewall on each network. I have three ISPs in total.

I have one ISP assigned to each Firewall as the primary WAN. My question was about sharing the third ISP as a fail-over on both Firewalls. Since I have a block of 5 IP addresses with the third ISP, I think the switch will work.


Expert Comment

ID: 39202398
In that case, I suspect you're right.
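
A pre-deployment check for the shared fail-over segment discussed in this thread, added here as an example and not posted by any participant. It assumes the ISP block is a /29 with one gateway address; the 203.0.113.0/29 documentation range, the gateway address, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: two firewalls sharing one ISP segment for fail-over.
BLOCK = "203.0.113.0/29"      # assumed ISP block (documentation range)
GATEWAY = "203.0.113.1"       # assumed ISP gateway on that block
PLAN = {"network-1": "203.0.113.2", "network-2": "203.0.113.3"}


def check_shared_wan_plan(block, gateway, wan_ips):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    seen = {}
    for name, raw in wan_ips.items():
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        if ip == gw:
            problems.append(f"{name}: {ip} collides with the ISP gateway")
        if ip in seen:
            # Two firewalls on one switch with the same address will fight over ARP.
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        seen.setdefault(ip, name)
    return problems


def free_addresses(block, gateway, wan_ips):
    """List the usable addresses in the block that the plan leaves unassigned."""
    net = ipaddress.ip_network(block)
    used = {ipaddress.ip_address(gateway)}
    used |= {ipaddress.ip_address(a) for a in wan_ips.values()}
    return [str(h) for h in net.hosts() if h not in used]


if __name__ == "__main__":
    issues = check_shared_wan_plan(BLOCK, GATEWAY, PLAN)
    print("plan OK" if not issues else "\n".join(issues))
    print("still free:", ", ".join(free_addresses(BLOCK, GATEWAY, PLAN)))
```

The check covers addressing only; isolation between the two LANs still rests on each firewall's inbound WAN policy, as the answers above note.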

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
In this article, we’ll look at how to deploy ProxySQL.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question