D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: bbl on November 23, 2012, 10:24:14 AM
-
We host some web sites on servers in our office. We have two internet connections, a primary and a backup connection (with separate IP address ranges.)
Normally, our external DNS points to the primary internet connection. Our external DNS has fail-over detection, where it will try to ping a server, or load a web page on our end, to detect if the primary internet connection has gone down. When it does, it switches our DNS over to the secondary IP addresses.
I would like the fail-over to be able to ping our DFL-800 from the internet on it's primary internet connection, and have the DFL-800 respond directly, without sending the ping into our LAN. That way, our fail-over detection is not dependent on devices on our LAN.
However, our DFL-800 won't respond when I ping it's external IP addresses.
I've created an Inbound Rule:
Action: Allow
Service: Inbound-ping
Source interface: any
Dest internace: any
Source network: all-nets
Dest network: 173.xxx.xxx.xxx (one of our external IP addresses)
However, it still won't respond to the ping. Do I need to do something else?
-
For main connection, only one IP rule is enouth - Allow wan/all-nets core/wan_ip ping-inbound.
Don't use Allow any/any rules!
If you want to ping additional WAN also, in addition with rule, you need to configure alternative routing table for this WAN and process inbound connections thru it by PBR.
-
I tried setting up that and made it the first rule, but the dfl-800 still won't respond to pings from the wan.
Name: allowping
Action: Allow
Service: ping-inbound
Schedule: none
Source: wan1
Network: all-nets
Destination: core
Network: (external IP)
Is there something else I need to set up?
-
Do you have static IP or DHCP?
Which WAN interface is used as main (default route)?
Show Status > Routes
From where (internal or external) you're trying to test ping?