Solved

Cisco IP SLA Firewall Equivilant

Posted on 2013-10-29
2
952 Views
Last Modified: 2013-10-29
On common problem that you have to deal with in a network is choosing the best path.  In small companies often this just means keeping a group of say 20, 40 people connected
to the Internet.  With Cisco IOS there is a feature I really like called "IP SLA" where I can set a target IP address and use ICMP Echo to verify that the path is good and then setup routes that rely on this upnessness.  If the path goes bad a floating static route with a higher weight is ready to take over in just a few seconds.  It works flawlessly.  

I wondered if a similar feature existed in either Cisco or other firewalls (Sonicwall, Juniper, other?).  And I have one additional requirement.  

                                                {ISP A}
So imagine (LAN)---[Firewall]<
                                                {ISP B}

Hopefully that beautiful ASCII art draws ok when I post.  But in effect I want two ISPs
on the outside of my firewall.  Each ISP has given me a small /27 block.  I want the firewall to verify the path to the Internet is good via each ISP and for it to prefer ISP A in most cases.  What firewalls have the equivalent of IP SLA to assure that there is a good path to the Internet at all times?  I assume I would have two Outside Interfaces and one inside interface and NAT would correspond with the path taken.
0
Comment
Question by:amigan_99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39609570
Hi amigan_99,

In every SonicWALL Security Appliance currently available this is just called multi-WAN failover/load-balancing (LB). For failover you can use a few different schemes: Basic Active/Passive Failover, Round Robin, Spillover-Based, or Percentage-Based (Ratio). It then probes the IPs and deactivates/reactivates based on the responses and your configuration.

I know you can us LB for other zones but not sure if fail-over is available for other zones outside of the WANs.

Let me know if you have any other questions!
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39609676
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question