Skip to main content
SZ1977
SZ1977
New Member
June 21, 2019
Question

LAN down can WAN take over?

  • June 21, 2019
  • 1 reply
  • 3381 views

I am not sure, if this is possible what I plan to do. Here is the explanation:

 

We have two branches and one corporate office (CO) in the city. Currently the branches are connected via VPN to the CO. Now we have the opportunity to setup Point-to-Point (PtP) Connections between the Branches and the CO. This would reduce complexity to the maximum and also boost the connectivity speed as well cut our internet costs (Internet here in this part of the world is extremely expensive (2Mbit around USD 1500/monthly) In theory, the branches will becoming part of the CO-LAN. For redundancy reasons, we would like to have a WAN-Failover at the branches (just in case if the PtP goes down).

 

Corporate Office is using a HA-Cluster of FGT-91E while the branches have a FGT-51E, so distributed clustering etc. is not possible. Using WAN Failover (PtP as WAN1 and ISP1 as WAN2) would be an option, but is this best practice to have internal services like Active Directory, DHCP etc. running?...

 

The additional challenge is, that the branches should primary use the Internet Uplink from the Corporate Office, hence I am struggling with the routing, default gateway etc.

 

you may have a look at the network diagram attached.

 

Thanks for ideas in advance.

Stefan

 

 

 

    1 reply

    emnoc
    emnoc
    New Member
    June 21, 2019

    Yes you can do all that you want and back haul all traffic from the  Branch thru the pt2pt. Just used static routes and  priority set for the  pt2pt and if that fails you can throw all traffic down the internet isp within the scope of the policies that allows for proper SNAT and  the serviced that's allowed. As far as  running  any domain services like MS-AD, if your pt2pt is down, what services in  CO would a branch office requires ? ( i.e  DNS,  LogonServices, DHCP,etc....)

     

    Ken

    SZ1977
    SZ1977Author
    New Member
    June 24, 2019

    Thank you Ken. That is reducing a lot of pressure.

    It is a good question to consider services provided by the CO to branches which might be unavailable if the PtP is down. DHCP can be handled with longer lease times, DNS with an external one (lucky me I have a trusted external source), FileSharing and remote login to some services running at CO might be affected - but even with this we currently deal daily (our uptime is at an unsatisfying level of 97%..) and we could establish the routes back to CO via VPN if the outage exceeds an acceptable level. Maybe we could have the VPN established anyway? Could that be an option as well? The PtP will be established within the next 2-3 weeks. Maybe it's a good idea to keep the forum updated after we have finished the job.

    Stefan

    Terms & ConditionsAccessibility statement