Dual WAN and one LAN



  • Aiming for a more reliable network, I've got a DSL and a cable connection - two separate WAN NICs with a single LAN connection and an OPT1 for the mail server.  Each NIC interface is a gateway and all the rules use the "OUTBOUND" gateway group.  This is simple and seems to work well except when I log into my Vonage account - the Vonage account logs me in and then logs me straight out again telling me that the session has expired.

    However it works fine if I take down one of the WANs to force all the HTTPS traffic through a single WAN.

    I'm guessing that they are running some sort of IP persistence check - but is it simply that I'm not doing this right?  Is there a better way of doing this?



  • I think you need to make sure you have Manual Outbound NAT being used.



  • @kejianshi:

    I think you need to make sure you have Manual Outbound NAT being used.

    Thanks - OK. I'll go read the manual.  Darn it - I was hoping that "Simple" would work - LOL.



  • Manual outbound NAT is simple.  You just go to

    Firewall > NAT > Outbound

    Click Manual outbound in the upper right.

    A bunch of rules will appear.

    You go into each one and select the subnet and WAN interface you wish that subnet to use.

    Basically, you are telling some things to exit the network on WAN1 and other things to exit on WAN2.

    I'd bet the reason your phone is failing is because some packets are going in/out on the incorrect WAN interface.

    Easy to fix.  Save your setup as you have now, then give it a shot.  You can always go back if I'm wrong.

    You might even want to set up 1:1 NAT.  I would.



  • For me changing two things solved exactly the same problem:

    Firewall behavior to conservative
    Use sticky connections

    Use with caution, my knowledge is limited.



  • That shouldn't be required. Just assign proper tiers for failover to the gateways in a gateway group and use that group as the gateway in your outbound Internet rules.
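
One way to test the "IP persistence" guess from the first post, as an added example that is not part of the thread: scan a firewall state listing for LAN hosts whose connections to the same remote service are NATed to more than one WAN address, which is what a site that binds a login session to the client IP would see. The sample lines are constructed and assume the IPv4 `pfctl -ss` layout `iface proto nat_ip:port (lan_ip:port) -> dst_ip:port state`; `split_sessions` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses), modelled on `pfctl -ss` output.
# 198.51.100.2 and 192.0.2.7 stand in for the two WAN addresses.
SAMPLE_STATES = """\
all tcp 198.51.100.2:40112 (192.168.1.10:51544) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.7:61200 (192.168.1.10:51546) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.2:40190 (192.168.1.22:49810) -> 203.0.113.99:443       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.2:40191 (192.168.1.22:49812) -> 203.0.113.99:443       TIME_WAIT:TIME_WAIT
all udp 192.168.1.10:5060 -> 203.0.113.80:5060       MULTIPLE:MULTIPLE
"""

# Matches only NATed (WAN-side) states: translated address first, LAN address in parentheses.
NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>\w+)\s+"
    r"(?P<nat_ip>[\d.]+):\d+\s+\((?P<lan_ip>[\d.]+):\d+\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s"
)


def split_sessions(state_text):
    """Return {(lan_ip, dst_ip, dst_port): [wan addresses]} for every flow
    group that leaves through more than one translated (WAN) address."""
    seen = defaultdict(set)
    for line in state_text.splitlines():
        m = NAT_STATE.match(line)
        if m:  # un-NATed (LAN-side) states and other lines are skipped
            key = (m["lan_ip"], m["dst_ip"], int(m["dst_port"]))
            seen[key].add(m["nat_ip"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for (lan, dst, port), wans in split_sessions(SAMPLE_STATES).items():
        print(f"{lan} -> {dst}:{port} leaves via {', '.join(wans)}")
```

An empty result after a configuration change means each LAN host is reaching a given service through a single WAN address.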

