MultiWAN dual failover? For two companies?


Looking at our network, we have two companies (in one group, and data isn’t allowed to talk to each other)

Essentially, I’ve been thinking about how exactly we would make sure failover works for well, both companies. We have an ISP connection coming in for both companies , and they both come in through a core switch. We do have a couple of watchguard firewalls connected too. This is our current setup

They go through a layer three switch, prior to anything else. The router that we have isn’t used for anything much more than WiFi, and a PPPoE connection for another circuit

I had a look first, and noticed that there was a line on the config saying if the next hop to the firewall is deemed to be down, then disconnect, and that sorta makes sense, except of course that has a connection to the ISP

Now, I’m thinking that perhaps, if we do something like this

Perhaps that would force the internet to still work, if one ISP went down? I saw “dual failover” routers, but then I guess that in itself needs to be redundant. If one router dies, we’d lose both lots of internet connectivity.

I’ve been asked to ask here, after someone on reddit said to do so on r/networking (Same username)

Initial link:

Hi. Welcome to the forum!
As always there are a number of ways to do what you want.

I would probably present both ISP connections to a Peplink Balance, then have outbound policies on the Balance that prioritises all traffic from company 1 over WAN1 and company 2 over WAN2 with each company having the other companies WAN as a backup.

Then double up the Balances into a VRRP Pair for redundancy.

Or you could use a pair of Peplink Balance routers in Drop in mode

One sat on the LAN of each ISP router, providing transparent failover. That might be easiest / tidiest / least intrusive a topology change.

1 Like

Thanks. So, like this?

At least in terms of a diagram anyway…