Fireware “How To”

How do I set up the Firebox for multi-WAN in round-robin order?
Fireware’s multi-WAN functionality is designed to give the Firebox® administrator more control and greater efficiency
with a very large or high-traffic network. You can use Fireware™ Pro appliance software to configure up to four Firebox interfaces as external or wide area network (WAN) interfaces. You can control the flow of traffic through multiple
WAN interfaces to share the load of outgoing traffic.
Fireware gives you the option to configure multiple external interfaces, each on a different subnet. This allows you to
connect the Firebox to more than one Internet Service Provider (ISP). When you configure multiple external interfaces, you have two options to control which interface outgoing packets use. The options are:
Multi-WAN in round robin order
If you select “round robin” order, you can share the load of outgoing traffic among external interfaces like this:
- The first host, with IP address x.x.x.x, sends an HTTP request to the Internet. The packets in this session are
sent through the lowest number external interface.
- The second host, with IP address y.y.y.y, sends an HTTP request to the Internet. The packets in this session
are sent through the external interface with the second higher number.
- The third host, with IP address z.z.z.z, sends an HTTP request to the Internet. The packets in this session are
sent through the lowest number external interface (if there are only two external interfaces configured) or
the third higher number external interface.
- As each host initiates a connection, the Firebox cycles through external interfaces using the pattern
explained above.
Multi-WAN in backup order
If you select this option, the lowest number external interface configured in your list becomes the primary
external interface. All other external interfaces are backup external interfaces. The Firebox sends all outgoing
traffic to the primary external interface. If the primary external interface is not active, the Firebox sends traffic to
the first backup interface.
This document describes how to configure the Firebox to use multiple external interfaces in round robin order to
help share the load of outgoing connections.
Is there anything I need to know before I start?
As soon as you configure a second external interface, multiple WAN support is automatically enabled with Multi-WAN in round robin order set as the default.
Note that:
• If you have a policy configured with an individual external interface alias in its configuration, you must change
the configuration to use the alias “Any-External”.
• You cannot use 1-to-1 NAT in a multiple WAN configuration.
• Multiple WAN support does not apply to branch office or Mobile User VPN traffic. Branch office and Mobile User
VPN traffic always uses the first external interface configured for the Firebox. PPTP user VPN operates correctly in
a multiple WAN configuration.
• The Multiple WAN feature is not supported in drop-in mode.
Configure the Firebox for Multi-WAN in Round-Robin Order
1. From Policy Manager, select Network > Configuration.
   The Network Configuration dialog box appears.
2. Select the interface you want to configure as external and click Configure. Select External from the Interface
   Type drop-down list to activate the dialog box. Type an interface name and description.
   You must have a minimum of two external network interfaces configured before you can see and configure multi-WAN.
3. Type the IP address and default gateway for the interface. Click OK. To add more external interfaces, repeat steps
   2 and 3.
   When you type an IP address, type all the numbers and the periods. Do not use the TAB or arrow key.
   After you configure a second external interface, multiple WAN configuration options appear in the Network Configuration
   dialog box.
4. Make sure that Multi-WAN in round robin order is selected. This will send traffic sessions through the external
   interfaces in sequence.
5. Click OK. Save your changes to the Firebox.
Frequently Asked Questions About This Procedure
I have a public SMTP server behind my Firebox. Because the multi-WAN feature does not work with 1-to-1
NAT, what do I do?
Because you cannot use 1-to-1 NAT with the multi-WAN feature, you will have to set up a static NAT rule to allow
access to your public SMTP e-mail server. Then, you must set up multiple MX records, one for each external
Firebox interface.
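One way to verify the MX requirement in the answer above, as an added example that is not WatchGuard code: it parses a DNS zone fragment and reports any external interface address that no MX record resolves to. The domain, host names, and addresses are constructed (documentation ranges), and it assumes each external interface has one public address used for the static NAT rule.

```python
# Added example: check that every Firebox external interface is reachable
# through an MX record. All names and addresses below are constructed.
import re

# Constructed zone fragment (documentation domain and RFC 5737 addresses).
ZONE = """\
example.com.        IN MX 10 mail1.example.com.
example.com.        IN MX 20 mail2.example.com.
mail1.example.com.  IN A  192.0.2.10
mail2.example.com.  IN A  198.51.100.10
"""

def parse_zone(text):
    """Return (mx, a): mx is a list of (preference, host); a maps host -> set of IPs."""
    mx, a = [], {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+MX\s+(\d+)\s+(\S+)$", line, re.I)
        if m:
            mx.append((int(m.group(2)), m.group(3).lower()))
            continue
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)$", line, re.I)
        if m:
            a.setdefault(m.group(1).lower(), set()).add(m.group(2))
    return mx, a

def uncovered_interfaces(zone_text, external_ips):
    """External IPs that no MX target resolves to, i.e. WAN links that
    inbound SMTP can never arrive on."""
    mx, a = parse_zone(zone_text)
    covered = set()
    for _pref, host in mx:
        covered |= a.get(host, set())
    return sorted(set(external_ips) - covered)

if __name__ == "__main__":
    # Assumed static-NAT public addresses, one per external interface.
    externals = ["192.0.2.10", "198.51.100.10", "203.0.113.10"]
    for ip in uncovered_interfaces(ZONE, externals):
        print(f"no MX record reaches external interface {ip}")
```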
COPYRIGHT © 2006 WatchGuard Technologies, Inc. All rights reserved.
WatchGuard, the WatchGuard logo, Firebox, and Core are registered trademarks or trademarks of WatchGuard
Technologies, Inc. in the United States and/or other countries.
U.S. and Canada +877.232.3531
All Other Countries +1.206.613.0456