What is the best way to force all traffic from 3 computers through WAN2 and have all other devices prioritize WAN1? Should either WAN fail, I would still want failover to work.
Cyclops,
The best way to do this is with the Outbound Policy rules. You’ll create one Outbound Policy of Priority for any device, any protocol, any destination, and have your WAN 1 first. You create 3 more rules, for each of the 3 computers. You do source IP address, protocol and destination any, and have them set for Priority WAN 2, with WAN 1 as the second. With these setup you’ll have all devices but those 3 go over WAN 1, those 3 go over WAN 2, and everything will have failover if their priority WAN is dead. You can optionally check off the ‘terminate sessions on link recovery’ if you want those devices to hop back on their WAN immediately vs when the next session is started. Depending on the traffic you can kill connections to places like online banking etc, so be careful with that last box.
Thanks Kevin! Also, please make sure the 3 rules for the computers are placed above the any, any, any rule. The rules are executed firewall style…
Thank you. Very helpful.
Hi, I have one related question :
I have 2 Lan subnetworks on my Peplink 20 and I’d like to have one of them routed though WAN 1 most of the time and through WAN2 if Wan 1 fails…
And the other subnet can use both WAN…
Is that possible?
Thanks
You should be able to do this with a similar setup - Outbound Policy w/ Priority algorithm. Difference is you only need 1 rule. Set Source: Any; Destination: IP Network (with the LAN you want going over WAN 1); Protocol: Any; Priority Order will have WAN 1 listed first, WAN 2 second.
okay, will test it. Thanks.
Just to be sure : is this the way it is supposed to look like? I had problems when I tried this a couple of days ago so I thought I’d first check if this looks roughly right…
Thanks in advance for your help,
As long as the 172.16.0.0/24 network is defined on the Balance this will work just fine.
Correct, but on the Outbound Policy Rule, change the IP to 172.16.0.0 (You have it at 172.16.0.1) and it will cover every address on that IP network.
Okay, thanks a a lot. I just fixed it.