topic Re: SMB and ISP Redundancy in HA mode in Spark Firewall (SMB)

SMB and ISP Redundancy in HA mode

BikeMan — Wed, 29 Mar 2023 11:39:42 GMT

Hello allo,

I have a small question about ISPR on SMB (1500 running last os version) centrally managed.

SMB are working in cluster and working fine.

If I want to used ISPR I see in the relevant doc that it is required to uncheck box "Use as default route".

But If I want to use ISPR in HA mode, I think I have to keep this box checked for both ISP and set a different priority for each ISP.

I have tested by unchecking, but in this case I am losing the default route.

Is it the right way to configure ISPR in HA mode ?

And I guess in the NAT layer I have to use automatic NAT behind the cluster (as usual).

Sorry for asking, but I have no lab and test is currently not available...

Thanks

Re: SMB and ISP Redundancy in HA mode

G_W_Albrecht — Wed, 29 Mar 2023 12:02:24 GMT

Not true:

Clear the Route traffic through this connection by default checkbox when you do not want this Internet connection used as a default route for this gateway. The connection is used by the device only if specific, usually service-based, routing rules are defined for it. This is commonly used when you have a connection that is used for dedicated traffic. When you clear this option, this connection does not participate in High Availability or Load Balancing.

So you should not uncheck box "Use as default route"!

If the gateway's global hide NAT is turned on in the Access Policy > NAT page, you can disable NAT settings for specified internet connections.

You can use Access Policy NAT setting.

Re: SMB and ISP Redundancy in HA mode

BikeMan — Wed, 29 Mar 2023 14:13:41 GMT

Thanks for the answer.

Well... following what I read I am true. For ISPR in HA mode:

- Checkbox related to Defaut route has to be checked (not cleared) for both ISP (because I want use this route as defaut route...);

- Assign priority 1 to ISP1 route (within the Internet connection tab);

- Assigne priority 2 to ISP2 route (within the Internet connection tab);

Let the probe and monitoring work.

Another question: with non-SMB devices ISPR has to use different probed host for each ISP (and are configured using dashboard). For SMB, do I also have to use different probed ip ?

Thanks

Re: SMB and ISP Redundancy in HA mode

G_W_Albrecht — Wed, 29 Mar 2023 14:21:41 GMT

As every ISP would have a different IP this is always needed. With SMB R81.10.0x, most things work like with GAiA appliances...

Re: SMB and ISP Redundancy in HA mode

BikeMan — Wed, 29 Mar 2023 15:53:13 GMT

ok, thanks. Will try and coma back if fails.

Re: SMB and ISP Redundancy in HA mode

BikeMan — Tue, 25 Apr 2023 09:53:43 GMT

Hi,

Back about this topic.

The probing is configured with 2 different ip. But when ISP2 is probing (ping), it is NATted with primary ISP so ISP2 is always down...

NAT rule is the 0, so may be I have missed something, but what ???

Current running version: 81.10

Any idea ?

Thanks,

Re: SMB and ISP Redundancy in HA mode

G_W_Albrecht — Tue, 25 Apr 2023 10:46:45 GMT

How do you expect it should be ? You selected Primary/Backup, so Primary is always used until probing Primary fails ! That is the nature of HA ISP Redundancy...

Re: SMB and ISP Redundancy in HA mode

BikeMan — Tue, 25 Apr 2023 11:08:35 GMT

Not at all.

Both ISP1 and ISP2 are using their own ip to probe a remote host. Both link are monitored in the same time.

Found my issue: ISP2 interface was not defined as External....

So now each ISP circuit is monitoring its circuit.

Re: SMB and ISP Redundancy in HA mode

G_W_Albrecht — Tue, 25 Apr 2023 12:00:20 GMT

Yes, you are correct - probing runs on both ISPs. Sorry for the wrong info...