D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: addicted on April 24, 2009, 01:08:34 PM

Title: DFL-800
Post by: addicted on April 24, 2009, 01:08:34 PM: Dear All

I have one DFL-800 Firewall working properly

Recently I got one more WAN connection as the WAN2 connection could not be upgraded more than 1 MBPS

WAN2 is a 4MBPS connection. Now I have WAN1 - 1MBPS & WAN2 4MBPS

I would like to setup my network which is on 192.168.0.1-192.168.0.255 to use both wan connections same time for more faster access to users

The problem is I dont want Secure connections on WAN2. only Yahoo / MSN / other chat programs and HTTP only if possible should be routed on WAN2. WAN1 should provide SECURE connectivity

Please advise possibility and a solution

regards
Title: Re: DFL-800
Post by: Fatman on April 24, 2009, 01:37:46 PM: Unfortunately this device does not support dynamic load balancing, which is what it looks like you are trying to describe.

We do support static load balancing, which would allow you to specify a routing table (and thus a WAN) for traffic based on source or destination, network or interface as well as service and schedule. For this you will need to use routing rules.

The good folks in business class support can walk you through all of this.
1 877 354 6555.
Title: Re: DFL-800
Post by: addicted on April 25, 2009, 01:48:23 AM: I do have both the WANs on Static IP

WAN1 - 192.168.0.200

WAN2 - 192.168.1.200

LAN network is on 192.168.0.1- 192.168.0.250
Title: Re: DFL-800
Post by: Fatman on April 27, 2009, 09:04:30 AM: When I referred to static or dynamic load balancing I was not referring to how you assign your WAN IP.

I was referring to how the traffic is routed, either statically across both WANs using hand crafted routing rules or dynamically based on a load balancing algorithm. the DFL-800 does not do it dynamically, only via static routing rules.

P.S. If your WAN1_Net is truly the same as your LAN_Net your are going to have ~~some~~ alot of issues.

*** Edited by Fatman because he speaks the bestest english of whole class. ***
Title: Re: DFL-800
Post by: addicted on April 27, 2009, 10:37:37 AM: thanks a lot for your reply

I would like to do it statically but lack of some knowledge

Can u please guide a little

Regards
Title: Re: DFL-800
Post by: Fatman on April 27, 2009, 10:47:10 AM: You are going to have to create 2 routing tables, one which has a WAN1 default route with a lower metric and one that has a WAN2 default route with a lower metric.

I would ensure that all default gateway routes have route monitoring tuned on so that you can fail over in both directions.

You are going to need to add routing rules specifying types of traffic and their routing table.

You are going to need IP Rules allowing the traffic to pass over whichever WANs you with it to legally pass over.

This document may assist you in this.

http://security.dlink.com.tw/support_ds_view2.asp?ModelSno=IR&DownloadFileType=5&LinkFrom=document&Sno=HOKL
Title: Re: DFL-800
Post by: addicted on April 27, 2009, 10:55:29 AM: Sorry to bother you but one more thing to clarify

in my scenario I have WAN1 Proxy connection. I have to authenticate on every request

WAN2 is direct

Will it effect any thing

Also is there a possiblity that HTTP, TCP,UDP traffic could go through WAN2 and HTTPS only i.e secure connections should go through WAN1
Title: Re: DFL-800
Post by: addicted on April 28, 2009, 06:08:07 AM: basically I m running a internet cafe. any other suggestion is also welcome
Title: Re: DFL-800
Post by: Fatman on April 29, 2009, 09:02:20 AM: No bother at all, don't worry.

Quote from: addicted on April 27, 2009, 10:55:29 AM
in my scenario I have WAN1 Proxy connection. I have to authenticate on every request

WAN2 is direct

Will it effect any thing
I assume you mean an HTTP proxy with HTTP authentication, no it should not be an issue, but keep in mind if you need to ensure that HTTP flows through that proxy it will need to have a routing rule specifying HTTP and the routing table that places that WAN first, or one with only that WAN (to prevent fail over to a non proxies WAN). This does not appear to be the issue however based on your next question.

Quote from: addicted on April 27, 2009, 10:55:29 AM
Also is there a possiblity that HTTP, TCP,UDP traffic could go through WAN2 and HTTPS only i.e secure connections should go through WAN1

Absolutely, the purpose of routing rules is to direct specific traffic out a particular WAN. Simply specify those services and their WANs when setting up your routing rules.
Title: Re: DFL-800
Post by: addicted on May 01, 2009, 09:04:27 PM: Dear Sir

trying for the past 2 days but invain

any possibility for a config file from your side which i can upload

or if u can remotely config and help me

please advise

Regards
Title: Re: DFL-800
Post by: Fatman on May 04, 2009, 08:29:08 AM: Unfortunately I do not have a config file prepared for your exact scenario, for more hands on support you may want to call the number I referred you to earlier. This is an fairly advanced implementation and is fairly difficult to transcribe via the written word.
Title: Re: DFL-800
Post by: addicted on May 04, 2009, 02:49:48 PM: Dear Sir,

Really appreciate the support u have provided me uptil now

As far as the Support through telephone is concerned, I have called the mentioned number but they need US telephone number which I cant provide due to my location i.e. UAE- Dubai

Dlink Support Dubai is not providing even this much information which you have provided me

If possible, can u provide a dummy config for both WANS to work. IP rules ill add by my scenario

Please advise

Thanks again

Regards
Title: Re: DFL-800
Post by: addicted on May 06, 2009, 07:53:56 AM: Dear Fatman

I had somehow manage to enable routing rules

Please help in following:

Routing Table Created ordering First

In routing Rules I have created two rules allowing services on WAN2 and WAN1

Service enabled : HTTPS Service

Standard Services : All_TCP_UDP

When I disable standard services, HTTPS is going through WAN1 as I need. but when I enable standard services it stop responding. HTTP works good and through WAN2 only

MSN and Yahoo also not working

Please advise possibilities

regards
Title: Re: DFL-800
Post by: Fatman on May 06, 2009, 09:50:51 AM: I would check your IP Rules first to ensure that they are allowing traffic out whatever WAN that traffic should be escaping.
Title: Re: DFL-800
Post by: addicted on May 10, 2009, 04:30:20 AM: Dear Fatman

Thanks a lot for your help in my entire config.

At present everything working cool. here is my one more question:

My Configuration is
3Com ADSL Modem Router - 1mbps with static public ip of 83.xxx.xxx.xx
3Com ADSL Modem Router - 4mbps with dynamic public ip of 96.xxx.xxx.xx

Both the WANs getting connected to DFL-800 WAN1 & WAN2 respectively

As discussed before, secure connections are going through WAN1 i.e of static public IP. most of the websites are recording my ip of 2nd WAN i.e dynamic one cause http is on wan2

Is there any way i can show only my static ip (WAN1 IP) for every trace or website logs

Thanks in advance
Title: Re: DFL-800
Post by: Fatman on May 12, 2009, 08:21:18 AM: Quote from: addicted on May 10, 2009, 04:30:20 AM
Is there any way i can show only my static ip (WAN1 IP) for every trace or website logs

I am not sure what you mean by that request, please clarify.

If you are referring to the logs on remote webservers visited by devices on your LAN then you would need to access them over that WAN then.