Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[loicFr]

Hi everyone,
After spending one day on trying everything I could, I figured I would have nothing to lose to ask for help ^^

The problem is simple:
I have two ISPs, each providing multiple public IPs. (let's say xx.xx.xx.0/24 and yy.yy.yy.0/24)
I have two servers on the DMZ network (dd.dd.dd.0/24) and I would like to be able to reach those two servers from both public IPs.

Right now, it only works with WAN1 and WAN2 doesn't even answer a ping.

I am open to any thought or solution!    

Thanks a lot,

Loic  


Here is a quick diagram because it's always clearer this way:



Now, my actual FW configuration:





















Thanks again for your help!

-up

[danilovav]

1) First, you need to process connections from each WAN separately.

Routing > Routing tables
Create new one named wan2
Create route (interface, network, gateway, metric)
wan2 all-nets wan2_gw 100

Routing > Routing rules
wan2/all-nets any/all-nets, forward main, return wan2

I recommend you to do the same for wan1, but it's not mandatoroy

2) As i understand, your DMZ is "gray", right?

3) Rules > wan1_to_dmz, wan2_to_dmz
SAT/Allow rules should be with wan1/all-nets core/wan1_ip networks (for wan2 - replace wan interface)

4) Rules > dmz_to_wan1, dmz_to_wan2
Allow_SMTP rules not working because your traffic passed thru NAT all_tcpudp, so you can remove this rules

5) Rules > Access
I don't see this items are necessary

6) Routing > Routing tables > main
Add routes (interface, network, metric)
core Wan1_VPNServer 0
core Wan1_WebServer 0
core Wan2_VPNServer 0
core Wan2_WebServer 0