vitor_ribeiro
New Member
August 5, 2015
Question

Wan Load Balance with DMZ


Good morning,

I have a scenario with 2 WANs, 1 DMZ and 1 internal network. I have a wan-load-balance with wan1 and wan2, the DMZ on port2 and the internal network on port1. I have to send traffic from source networks X and Y to destination 0.0.0.0 ( ! DMZ ) through wan2 only, but routing inside wan-load-balance has a higher priority than policy routes and static routes, so all traffic to the DMZ goes to wan2, and I can't create a route to the DMZ inside wan-load-balance, since the DMZ is not inside wan-load-balance.

Please tell me that someone has found a way to solve this without inserting the DMZ into wan-load-balance. There is no way this is the only way; I can't imagine my policies only with wan-load-balance definitions, it doesn't sound right...

Greetings from Brazil.

Vitor Ribeiro

    3 replies

    gschmitt
    New Member
    August 5, 2015

    You don't need any route for the DMZ, since directly connected networks automatically get routes on their own.

    If I understand you correctly, you have a policy route for 0.0.0.0 routing traffic via wan2.

    And if you now try to connect to something in the DMZ, the traffic gets routed to wan2 (you assume).

    I doubt that this is the case, but if you want to test it, simply delete your existing 0.0.0.0 route in wan-load-balance and create 2 new address objects: a 0.0.0.0-your.dmz.network.ip IP range and a your.dmz.network.ip-255.255.255.255 IP range.

    Recreate your route with those two objects; now everything BUT your DMZ is routed to wan2.
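
An added example, not part of gschmitt's reply and not FortiGate configuration: a Python sketch that computes the two "everything but the DMZ" ranges suggested above and checks that DMZ addresses fall outside them. The DMZ prefix 203.0.113.0/24 is a constructed sample (the thread gives none), and the ranges are assumed to end one address before the DMZ block and start one address after it.

```python
import ipaddress

ALL_FIRST = ipaddress.IPv4Address("0.0.0.0")
ALL_LAST = ipaddress.IPv4Address("255.255.255.255")


def complement_ranges(dmz_cidr):
    """Return the (first, last) IPv4 ranges covering everything except dmz_cidr."""
    dmz = ipaddress.ip_network(dmz_cidr)  # raises ValueError if host bits are set
    ranges = []
    if dmz.network_address > ALL_FIRST:
        ranges.append((ALL_FIRST, dmz.network_address - 1))
    if dmz.broadcast_address < ALL_LAST:
        ranges.append((dmz.broadcast_address + 1, ALL_LAST))
    return ranges


def as_cidrs(ranges):
    """Express the same ranges as the minimal list of CIDR blocks."""
    blocks = []
    for first, last in ranges:
        blocks.extend(ipaddress.summarize_address_range(first, last))
    return blocks


def is_covered(ranges, addr):
    """True if addr would match one of the range objects."""
    ip = ipaddress.ip_address(addr)
    return any(first <= ip <= last for first, last in ranges)


if __name__ == "__main__":
    DMZ = "203.0.113.0/24"  # constructed sample prefix (documentation range)
    rngs = complement_ranges(DMZ)
    for first, last in rngs:
        print(f"range object: {first}-{last}")
    print(f"{len(as_cidrs(rngs))} CIDR blocks cover the same space")
    for probe in ("203.0.113.10", "203.0.112.255", "8.8.8.8"):
        verdict = "matches wan2 rule" if is_covered(rngs, probe) else "not matched (DMZ)"
        print(probe, "->", verdict)
```

If the device only accepts subnets rather than ranges, `as_cidrs` gives the equivalent prefix list, which is much longer than the two range objects.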

    vitor_ribeiro
    New Member
    August 5, 2015

    No... you didn't understand.

    It's not the policy route, it's the routing inside WAN load balance, and I do need a route to the DMZ, otherwise the internal network will go to the internet and then return to my FW to access the DMZ; my DMZ has a valid IP range.


    gschmitt
    New Member
    August 6, 2015

    vitor.ribeiro wrote:

    It's not the policy route, it's the routing inside WAN load balance, and I do need a route to the DMZ, otherwise the internal network will go to the internet and then return to my FW to access the DMZ; my DMZ has a valid IP range.

    That's actually what I meant.

    I doubt that this is the issue, since directly connected networks are normally always prioritised over 0.0.0.0/0 routes.

    vitor_ribeiro
    New Member
    August 7, 2015

    Yes, it should... But any route included inside the services of WANLOADBALANCE will have higher priority than static and policy...

    Strange, but it is happening...