Hi.
I have a unique issue with a client. They want for normal days (First part)
1 ISP that is used for upload only (Wan1)
1 ISP that is used for download only (Wan2)
Best method to set this up?
Then, on streaming days they want to switch it to (second part)
WAN 1 dedicated to up/down for two IPs (streaming devices...can be MAC address as well)
WAN 2 dedicated to up/down for all else.
If this can be a manual schedule we set up, great.
Thoughts? I know how to do the second part, but not how to have it change easily to the first part. I am not sure how to set up the first part.
Thanks,
CL
Off the top of my head there is a glaring flaw in their first requirement: all traffic, whether upload or download, is initiated by the client (internally), right? So there is no way to distinguish between the two unless there are particular hosts or applications that are used for "upload" vs "download".
Or is the "upload" traffic actually coming from other users on the Internet accessing their files? Like on an FTP server or something?
If it's the way I assumed, then I don't really think you can do this, period. *Maybe* if you break NAT, but then you'd basically be spoofing the IP address of ISP 2 out the ISP 1 interface and they'd probably get pretty mad about that. Are you doing BGP or anything, or just NAT-ing using the two wan interface IPs?
Understood. I couldn't figure out a way to say if it was upload or download from the client side, and wanted to make sure I wasn't missing anything.
They are simply doing two wan interfaces that are NATed. NO BGP. I think just enabling SD-WAN for them, and then force the two streaming devices to only use WAN2 via a policy route is the best I can do.
Sounds right, although there would need to be some manual tweaking on "streaming days", right? Just because you force the streaming devices out one WAN doesn't mean the other devices won't use it according to the SD-WAN load balancing then too, unless you manually tweak the balance on those days. Probably need some traffic shaping on top of this...
Yes, my guess is I would have to change the weight to 100 and 0 for the other devices so they essentially use WAN2 only. We shall see what the client thinks. Before they had WAN2 I had traffic shaping for the streaming devices for guaranteed bandwidth.
Just an FYI.
WAN 1 = Fiber, 50M x 50M
WAN 2 = Cable, 200M x 10M
Thanks
Hmm, I certainly see why they want the upload to go out WAN 1, ha. Are there particular applications or users that do a lot of uploading? Like is it always FTP, or could it be OneDrive/GoogleDrive sync (over HTTPS), etc?
Hmm, I see where you are going. All users, but I believe they upload strictly through Box over HTTPS. They are a media production company, so they have very large files.
If you're on new enough code (I think 5.6 or later) you could try using the Box-Web Internet service definition in your SD-WAN rules and tell it to go out only the wan 1 interface for that type of traffic. (I thought you could do that with policy route, but it appears not.)
They are on 5.6. I was even thinking they should go to 6.
Copyright 2024 Fortinet, Inc. All Rights Reserved.