So if I install a balance 310x in drop in mode, do I have to set our existing firewall to DHCP on it’s WAN?
If not, how exactly does our firewall know to route out the backup WANs of the balance if WAN1 goes down?
Our firewalls would have the gateway of WAN1 static assigned, so wouldn’t it be trying to go to that gateway to get out?
When in drop in mode with your firewall connected to its LAN, the B310x will look like the ISP router your firewall normally connects to. You don’t need to make any changes to the firewall WAN settings.
If the ISP WAN fails, the B310x still listens on and replies from the original IP (of the ISP router) to and from your firewall - so your firewall doesn’t know there has been an ISP failure.
But instead of the B310x sending traffic out via the (now dead ISP router) it will send it via another healthy WAN (using NAT).
The only thing that fails in this situation is inbound traffic from the internet to the original ISP router public IP. If you need inbound services to work then you’ll likely want to use SpeedFusion and a static IP on a FusionHub in the cloud.
1 Like
So its spoofing the WAN1 gateway at the ISP?
If you pinged the WAN1 ISP gateway it would actually be pinging the pepwave?
FusionHub in the cloud - Is this speedfusion cloud offering from pepwave? I thought you couldn’t do a static with that?
Its spoofing the ISP router that would have been connected to the WAN of your firewall before you drop in the Peplink.
Yes
FusionHub is a self hosted SpeedFusion Appliance Setting Up FusionHub on Vultr – Martin Langmaid – SDWAN Architect
So drop in mode wouldn’t really be useful if you didn’t have backup WAN/Cellular right? In drop in mode it’s passing traffic like it’s not even there? So existing port forwards work the same etc.
There isn’t much point no. Although you could add WANs later on demand very easily.
In drop in mode - does any firewall or protocol blocking take place on the pepwave? Or does it completely bypass all of that?
Drop in mode is basically for failing over to other wans? Without messing with the IP settings on exisiting firewalls?