flkribegw2
New Member
September 17, 2021
Question

WAN failover and States


I've been searching from time to time about how to kill states on a Tier 2 failover WAN when Tier 1 becomes available again. This is really frustrating, and I'm wondering why there hasn't been a simple solution for it. The primary issue is my IoT hosts. I've even changed their firewall rules for many of them to only allow them out the Primary WAN as their Gateway (Firewall Rules > Advanced Options > Gateway) as a work-around applinked, but noticed yesterday after a power outage they were still using the Tier 2 WAN somehow. Once Tier 1 is available, I have to manually kill all states on that link. Has anyone figured out a solution that works for them?

    2 replies

    lobstercreed
    New Member
    September 17, 2021

    SD-WAN may help you, although I think established connections are not killed unless the state of the active link goes down. The other thing I've done in the past is configure a script to look for sessions to certain IP addresses (in my case it was a SIP gateway) on the backup link and kill these sessions. It ran overnight every night so that it didn't disrupt traffic during the day but the traffic wouldn't continue over the backup link for too long.
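
The nightly cleanup described in the reply above, as an added example that is not lobstercreed's script or code from this thread: a POSIX shell function that builds a FortiOS CLI batch clearing only sessions to the listed destination IPs on the backup interface. FortiOS is assumed from the `config system global` syntax used elsewhere in the thread; the interface name `wan2` and the addresses are constructed placeholders, and the `diagnose sys session filter` options should be confirmed on the firmware in use.

```sh
#!/bin/sh
# Added example: emit a FortiOS CLI batch that clears sessions to given
# destination IPs on the backup WAN only. "wan2" and the IPs are placeholders.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# build_clear_batch <backup-interface> <dst-ip>...
# Prints the CLI lines on stdout. All inputs are validated before anything
# is printed, so a bad argument can never leave a "session clear" in the
# batch without a destination filter in front of it.
build_clear_batch() {
    [ $# -ge 2 ] || return 1
    _intf=$1
    shift
    case $_intf in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    for _ip in "$@"; do
        is_ipv4 "$_ip" || return 1
    done
    for _ip in "$@"; do
        # Reset the filter each round so no earlier criteria carry over.
        printf '%s\n' \
            "diagnose sys session filter clear" \
            "diagnose sys session filter dintf $_intf" \
            "diagnose sys session filter dst $_ip" \
            "diagnose sys session clear"
    done
    # Leave the session filter empty for whoever uses the CLI next.
    printf '%s\n' "diagnose sys session filter clear"
}

# Constructed demo input: two destination hosts behind backup interface wan2.
build_clear_batch wan2 203.0.113.10 203.0.113.11
```

On FortiOS, `diagnose sys session clear` with no filter set clears every session on the unit, which is why the function refuses to print anything unless every argument validates.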

    Toshi_Esumi
    SuperUser
    September 17, 2021

    Try below if not enabled.

    config system global
    set snat-route-change enable (by default it's disabled)
    end