I would like to seek advice on this design using 2 x MAX HD2 for hardware redundancy.
1 Like
Hi. Can you clarify the desired configuration of the FW1+2 and the switches? Perhaps you could add some example LAN clients and suggested IP addressing to make that part clear.
The short answer is yes, you could connect a pair of HD2s in a daisy chain / loop like this (WAN of one HD2 connected to LAN of the other and vice versa) with careful IP subnet/VLAN configuration / isolation, but I need to understand any implications of doing so from the point of view of the desired firewall & switch configuration. Are the firewalls in active failover configuration for example or active active? If Active Active how is the LAN traffic distributed by the switches (etc)?
Thanks,
Martin
1 Like
Hi Martin,
The firewalls are configured with active and passive mode with heartbeat interface and internal interface to identify a device failure and switch to the active firewall.
The virtual IP is only active on the active firewall. There is no switch connected on the two firewalls external interface. It will need to connect to the HD2 directly as reflected in the diagram.
On the firewalls external interface to HD2, it will be a separate single VLAN with firewall configured the default gateway to HD2 internal network port. There must be a single Virtual IP from the HD2 internal network as default gateway for the firewalls.
Please advice on the configuration for HD2 to work as in the picture.
Thanks,
Eugene
1 Like
Hi Eugene
Any reason you connect as below?
- HD2 (master) port 4 —> HD2 (slave) WAN2
- HD2 (master) WAN2 —> HD2 (slave) port 4
1 Like
Hi TK,
I am trying to achieve both internet connection and hardware redundancy via this design. If possible, Port 4 of both HD2 can only allow traffic from WAN1, LTE1 & LTE2.
Thanks
Eugene
Hi Eugene,
Just want to clarify that you want to make both HD2 as active devices and handling 4 LTE connections & 2 Wired WAN ?
2 x LTE & 1 Wired for First HD2
2 x LTE & 1 Wired for Second HD2
Thank You
Hi Sitloongs,
Yes, that is what i am trying to achieve.
Thanks
Eugene
Hi Eugene,
MAX HD4 should be the correct model that you should consider for your requirements ( 4 x LTE + 2 Wired WAN) . High Availability (HA) can be enable for the MAX HD4 pair to gather hardware fail-over. HA pair with VRRP will maintain single Virtual IP for the MAX HD4 internal network as the default gateway for the firewalls.
Thank You
Hi Sitloong,
Yes, one unit of HD4 is capable to handle 4 x LTE + 2 WAN. Any sample design for the HA mode you have mention? How many SIM card and WAN do i need to cater for such the design?
Thanks
Eugene
