4. Failover some vlans using default gateway switching

Failover some vlans using default gateway switching

  • B

    I am setting up a home network with a main VLAN and a separate VLAN to isolate home automation / IoT devices.  Additionally, my goal is to run dual-wan in failover, but just failing over the home automation VLAN. The backup WAN would be 4G, so the home automation can use that if the main internet connection goes down, while users won't fail over and eat up data doing other things. I plan to use unbound as resolver, not as forwarder.

    As I'm fairly new to this and trying to get my head around it, it would help to have a couple things checked or questions answered:

    1. From what I understand, using the dns resolver + dual wan, I need default gateway switching turned on.  Then in the firewall, my Accept rules on the lan (ie. to let http/https traffic go out to the internet) should use the Default gateway (no explicit gateway set) for the home automation VLAN; and on the rule for the main users VLAN, I should set the gateway explicitly in Advanced to use just the main wan connection.  If I do this, the home automation VLAN will fail over when the default gateway switches, and the main VLAN won't fail over because it is forced into always using the main WAN.  Question: Is this correct, or am I not understanding a part of the mechanics of this?

    2. What about gateway groups? In the docs for dual-wan, it says to set up a gateway group to configure the failover.  Is this not necessary in this case, since failover happens with Default Gateway Switching?  It seems that I could use a gateway group configured for failover, and explicitly set the Accept rule gateway on the home automation VLAN to use that gateway group… but isn't that more or less a redundant mirroring of how Default Gateway Switching will behave in this particular case (failover, only 2 WAN)?  I realize gateway groups and default gateway switching are 2 different mechanics, but for this setup, wouldn't it be less configuration if there was no gateway group?  Or is there some nuance to this I'm missing?

    Thanks for your help!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy