High Availability - 2nd WAN link


#1

We’re deploying a pair of Balance 580’s in Drop-In mode. So for the primary ISP, we just followed this guide and everything works fine. We have the first ISP in WAN2 since we can’t use WAN1 as it’s only for ‘LAN Bypass’. So for that first ISP, we have a public IP on Balance 1, a public IP on Balance 2, a public IP on the Balance VIP, and then a public IP on the firewall (since it’s drop-in mode). So that’s 4 IP’s with ISP1. So we sync’ed that config and everything works as expected. But then we add ISP2 and that’s where I get confused. Do we just need 1 IP (essentially a VIP) for that ISP2 on WAN3 or do we need an IP on each Balance? Once we enable sync, I’m only able to edit WAN settings on the Master. I suspect the 3 IPs (4 counting the firewall) are only needed on that primary WAN that’s also doing the VRRP/HA but I wanted to verify that setup for additional ISP’s in an HA config.

Thanks,

John


#2

You only need one IP address for the secondary WAN connection. You are correct this IP address is configured on the master and used by the slave during a failover, as VRRP is done on the primary WAN.


#3

Thanks for the clarification. I think my issue may have been with the sync from master by Serial #. When I added that 2nd ISP on WAN3, it never came over to the slave. I tried disabling and re-enabling the sync but it never appeared. So I downloaded the config and manually added it to the slave and now I do indeed see that 2nd ISP on WAN3. So I’m not sure what’s happening their but the hope is we could just set it up to sync from the master, manage the master, and the slave would always get those changes but that wasn’t working for me on adding a new WAN connection.


#4

Hi John,

This is not the expected behavior. Both Balance 580 are same hardware and firmware version?