Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configure remote office backup line.

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 2 Posters 396 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      WhiteTiger-IT
      last edited by

      I have three buildings located at a distance from each other and all connected with a proprietary optical fiber.
      The firewall is in the central office, has a FWA Internet connection and has a backup line with ADSL.
      Remote buildings currently do not have a firewall because the protection is on the central one. However, if there is a failure on the fiber connection, no one is able to browse or use the applications on the central server.
      My idea is to put something in the peripheral offices that activate a mobile connection in case of failure on the fiber.
      At least for surfing the Internet, but if possible also to reach the headquarters via the Internet.
      I would like some suggestions on what to expect in the center and in the peripheral offices.
      Thanks in advance.

      DaddyGoD 1 Reply Last reply Reply Quote 0
      • DaddyGoD
        DaddyGo @WhiteTiger-IT
        last edited by

        @whitetiger-it said in Configure remote office backup line.:

        My idea is to put something in the peripheral offices that activate a mobile connection in case of failure on the fiber.

        Hi,

        In this case you are left without a firewall (in the second order places), which is a huge mistake in a production environment!

        Everyone thinks that internet browsing should be maintained in case of upstream failure, but this is the most dangerous, entrance from the bad guys' side.

        So, I would put a NGFW(s) in every building, smaller ones are sufficient for this endpoints..., it is cost-effective.

        One good feature of pfSense is that it handles multiple WAN connections...
        https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html

        on the second, say a WAN2 connection, a 4G LTE connection would be installed, which would be activated in case of a fiber failure....

        and here you decide how to configure................. 😉

        use 4G LTE temporarily (until fiber is restored) for everything or VPN into the central NGFW and continue to manage the main FW rules from the central office

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 1
        • W
          WhiteTiger-IT
          last edited by WhiteTiger-IT

          @daddygo
          I thank you for the answer.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.