D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Xetick on March 12, 2009, 02:36:41 PM

Title: DFL-1600 with failover LAN and WAN
Post by: Xetick on March 12, 2009, 02:36:41 PM

Hello

I have tried to make this setup work for a while but I just can't figure out where I go wrong. But lets start at the beginning. The scenario is as follows

- A few servers with redundant networks
- Servers are connected to two switches (HP Procurve 2810)
- Switches are interconnected so switch1 and switch2 are connected.
- Switches have IEEE 802.1 spanning tree enabled
- Switches are connected to one lan port on the firewall each. So switch1 is connected to lan1 and switch2 is connected to lan2.

Using this setup any switch or cable can be disconnected and everything will still work.

My problem is with getting the firewall to understand that lan1 and lan2 uses the same ip and should failover if one goes down. All I have managed to do is to completely lock up the firewall when experimenting with a custom router table and router policy.

The same problem exists on the WAN since I can/will have two wan cables that goes into the switch but they both exists on the same WAN network so the gateway and ip's are the same. All examples I have found uses different networks/gwateways for failover.

So is this setup even possible and if so how?

Regards
 Joakim E.

Title: Re: DFL-1600 with failover LAN and WAN
Post by: Fatman on March 13, 2009, 03:54:25 PM

This setup may be possible, I have never attempted anything like it however.  I would start by putting the LAN and WAN interfaces into seperate transparent mode groups and publishing the first IP on the second interface.

This is definitely not what they envisioned you doing with the product.  Best of luck.

Title: Re: DFL-1600 with failover LAN and WAN
Post by: napster on April 05, 2009, 01:08:05 AM

with the switch it seems that you require to enable the VRRP on the same .

have you enabled the same?

It seems that you want to enable the transparent mode on LAN1 and LAN2 and also activate the failover on these ports .
now once you enable the transparent mode on these ports the routing capability will be disabled and failover of the routes and the traffic through the same ports wont be possible .
Now what you require is enabling the VRRP on the switches, and the failover of the WAN ports will be possible with the PBR on the firewall.

kindly let me know the exact network setup along with the settings switch .