X506 - 2 default gateways

(OP)
In our office there are 2 default gateways - one is a leased line which we use mainly for email and website (ie, traffic to our internally hosted website) traffic, the other is via broadband line and is used almost exclusively for staff internet access.

Since we installed our x506, all traffic is going over the leased line with the broadband currently unused, while we decide the best way to utilise it. Currently I prefer the extra security over the extra speed. However we also use the leased line more and more for voice, so I want to get internet access off the leased line.

What I ideally want, is for all DMZ traffic (172.16.254.0, mapped to external IPs via virtual server on a 1 to 1 basis) to use the leased line, and for all LAN traffic (172.16.1.0) to use the broadband line. They are in separate security zones and have a default gateway of the port on the X506 to which that security zone belongs.

The device only lets you enter one default gateway, which is currently set to the leased line router...is there a way to do source based routing..or perhaps some workaround that will work efficiently, to send external LAN traffic over the broadband? I've seen some routers can send port 80 (for example) to a specific gateway...is there anything like that in the x506?

I'd also thought about whether load balancing will do it...putting the broadband router in its own security zone also. As I say, the leased line does email and web traffic, so I presume that any requests to the website coming in from the leased line, will always go back out on that line? This is imperative, naturally. If I set the balance of say 20% to the primary link (leased line) and 80% to the secondary (broadband)...may that also work??

My other idea is to use a 3com router (5000 series) with 2 ethernet interfaces, although not entirely sure what to do there either.

Any advice appreciated, many thanks.
 

'When all else fails.......read the manual'

RE: X506 - 2 default gateways

As I do not have a x506 I cannot tell you specific device options, but here is how I do this on my Fireboxes. The theory should be the same.
I have 2 interfaces configured as External/Untrusted. One each for the T1 and the DSL.
Then I create Policy Based Routing rules to define what traffic is sent over each interface.
You should have something similar. If not, time to upgrade to a device that supports dual WAN or interface independence.
 

RE: X506 - 2 default gateways

(OP)
Hi engjohn,

Thanks for your reply.

I can't seem to find anything to that effect in the GUI. I will investigate if it can be done via CLI but I suspect not, as it would have been an obvious thing to include. It supports WAN Failover and Load Balancing...so you would think it would not have been a big deal to add this function.

'Upgrading' is not an option, this piece of kit was very expensive!

I also note there is a newer version of the software...perhaps that will help.

Thanks for your advice.

'When all else fails.......read the manual'

RE: X506 - 2 default gateways

You cannot do what you are requesting with just the Tipping Point. You will need a high end router or switch to do the source based routing to the appropriate gateway before it hits the Tipping Point.
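The source-based routing decision discussed in this thread, modelled as an added example that is not part of any post and is not X506, Firebox or 3Com configuration. The /24 masks, the gateway addresses (documentation ranges) and the function name `select_gateway` are assumptions; only the two subnets come from the thread.

```python
import ipaddress

# Subnets from the thread; the /24 masks are an assumption (no mask is given).
DMZ = ipaddress.ip_network("172.16.254.0/24")
LAN = ipaddress.ip_network("172.16.1.0/24")

# Constructed placeholder next hops taken from documentation address ranges.
LEASED_GW = ipaddress.ip_address("192.0.2.1")
BROADBAND_GW = ipaddress.ip_address("198.51.100.1")

# Source-based policy: (source network, next hop, link label).
POLICY = [
    (DMZ, LEASED_GW, "leased-line"),
    (LAN, BROADBAND_GW, "broadband"),
]

# Fallback for sources that match no rule: the single default gateway,
# which the thread says is currently the leased line router.
DEFAULT = (LEASED_GW, "leased-line")


def select_gateway(src, dst):
    """Return (next_hop, label) for a packet, deciding on the source address.

    Traffic between the internal zones is never handed to a WAN gateway.
    For everything else the most specific matching source rule wins, so a
    DMZ server's replies leave on the leased line whatever the destination.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)

    # Inter-zone traffic stays on the firewall's own interfaces.
    if any(dst_ip in net for net, _, _ in POLICY):
        return (None, "local")

    matches = [rule for rule in POLICY if src_ip in rule[0]]
    if matches:
        # Longest source prefix wins if rules ever overlap.
        _, gateway, label = max(matches, key=lambda rule: rule[0].prefixlen)
        return (gateway, label)
    return DEFAULT


if __name__ == "__main__":
    # Constructed sample flows: DMZ web server, LAN workstation, LAN to DMZ.
    for src, dst in [("172.16.254.10", "203.0.113.5"),
                     ("172.16.1.25", "203.0.113.5"),
                     ("172.16.1.25", "172.16.254.10")]:
        print(src, "->", dst, "via", select_gateway(src, dst))
```

Because the decision keys on the source address, the path for a given host is deterministic, which is what the mail and web servers need and what a percentage-based split between links does not express.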
