Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco IP SLA Firewall Equivilant

Posted on 2013-10-29
2
Medium Priority
?
1,092 Views
Last Modified: 2013-10-29
On common problem that you have to deal with in a network is choosing the best path.  In small companies often this just means keeping a group of say 20, 40 people connected
to the Internet.  With Cisco IOS there is a feature I really like called "IP SLA" where I can set a target IP address and use ICMP Echo to verify that the path is good and then setup routes that rely on this upnessness.  If the path goes bad a floating static route with a higher weight is ready to take over in just a few seconds.  It works flawlessly.  

I wondered if a similar feature existed in either Cisco or other firewalls (Sonicwall, Juniper, other?).  And I have one additional requirement.  

                                                {ISP A}
So imagine (LAN)---[Firewall]<
                                                {ISP B}

Hopefully that beautiful ASCII art draws ok when I post.  But in effect I want two ISPs
on the outside of my firewall.  Each ISP has given me a small /27 block.  I want the firewall to verify the path to the Internet is good via each ISP and for it to prefer ISP A in most cases.  What firewalls have the equivalent of IP SLA to assure that there is a good path to the Internet at all times?  I assume I would have two Outside Interfaces and one inside interface and NAT would correspond with the path taken.
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39609570
Hi amigan_99,

In every SonicWALL Security Appliance currently available this is just called multi-WAN failover/load-balancing (LB). For failover you can use a few different schemes: Basic Active/Passive Failover, Round Robin, Spillover-Based, or Percentage-Based (Ratio). It then probes the IPs and deactivates/reactivates based on the responses and your configuration.

I know you can us LB for other zones but not sure if fail-over is available for other zones outside of the WANs.

Let me know if you have any other questions!
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39609676
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question