OK, I bought an FVS336Gv2. Overall I am very impressed, but I am running into a few issues that might be workable; I just haven't figured them out yet.
My network details:
- WAN1 = Mediacom cable 12Mbps (fast, but has been down more times than I can count)
- WAN2 = Harborcom DSL 1.5Mbps (slow but has only gone down twice in 8 years)
The other end (my corporate office) has a UTM25 but only one WAN in use.
I have a few servers on my local network and created duplicate port firewall rules for WAN1 and WAN2; these seem to work fine.
I need both WANs on the FVS336 to be active at all times. The only way I have found to do this is with load balancing mode. Auto-failover doesn't connect the secondary interface until the primary fails. I want most of the outbound traffic to use the faster connection but fail over to the slow one if necessary. I have some traffic that violates Mediacom's TOS and MUST use the DSL connection. To accomplish this I created protocol binding rules: "ANY ANY ANY" on WAN1 and specific rules on WAN2. Don't know if this is the right way but it seems to work. If I pull the plug on WAN1 I am shortly able to see all traffic using WAN2.
I would also like to set up redundant VPNs to the corporate office. The wizard worked just fine, creating the first one on WAN2 using the FQDNs of WAN2 and the destination. But when I try to create a second VPN to the same remote LAN, using a different destination FQDN (points to same IP) and WAN1's source FQDN, it complains "Invalid Configuration, Can't Add Policy". I'm guessing it does not like having two VPNs to the same remote LAN subnet.
I see an "Enable Rollover" option in the VPN policy. However this only works in Auto-Rollover mode which I cannot use because Auto-Rollover doesn't keep both connections alive. I need something that will work in Load Balancing mode, or I need an option in Auto-Rollover mode that will keep both connections alive.
Am I missing something?