Question : Need device for failover with two WAN interfaces, both incoming and outgoing traffic.

We have two internet connections, a 4mb/2mb pipe as our main line, and a T1 as our backup line. (The T1 is a shared buildings line with other users) We would like to deploy a device that has two wan interfaces, that will handle failover if our main line goes down, for incoming as well as outgoing traffic. Outgoing traffic is easy, however we would like all incoming traffic for mail / web to function seamlessly as well. From the research I have been doing, there is two ways to accomplish this, one with Round Robin DNS, and the other by setting a very small TTL on DNS to avoid caching. Round Robbin would most likely fail in this situation, as I do not want to use the T1 line unless our main line is down (as its shared with other users)

The setup I have in my mind is this: A device that functions as a firewall / NAT / Gateway that also performs DNS. We set the primary DNS server for our domains on an ip on our main internet connection, and secondary on our backup line. They will be set with a small TTL, maybe 10 minutes. The device would handle all dns queries. If the main line is functional, it replies to queries with the ips of the main line. If it goes down, it sends all replies to the secondary connection. The device would function as a firewall, blocking all bad traffic, however forward ports to internal servers such as 80 to web, 25 to mail, etc. Since this device is the network gateway, the internal servers would send all outgoing traffic through it, and would be oblivious to which internet line its using. Since the TTL is small, the longest we could possible be down is the length of the TTL, as it would requery after its life and find the new ips.

Most of the devices I am finding will do the switch over for outgoing traffic no problem, but fail to provide a solution for incoming traffic, unless there is a concept that I may be missing? The device would need to be able to assign multiple real world ips to an interface, and allow different ports to be forwarded to internal machines based on each ip.

Can someone recommed a device that will provide a solution for my task?

Thanks in advance!

Tom

Answer : Need device for failover with two WAN interfaces, both incoming and outgoing traffic.

Two solutions come to mind:
1) Fatpipe Warp - http://www.fatpipeinc.com/warp/
2) Radware Linkproof - http://www.radware.com/content/products/lp/default.asp

Both utilize DNS on the device for realtime incoming loadbalancing. The Fatpipe can become authoritative for your domain while the Radware needs an external authoritative DNS and hosts 'A' records only.

The Radware makes a branch product that is good to 10Mbs and can handle both of your lines.

Good Luck

Random Solutions

Delivery Status Notification (Delay) relating to SMTP user

Access remote disk with Linksys VPN Router to Linksys VPN Router

Unable to browse a domain

Weird Network Problem

Subdomains and SSL for Ecommerce

how to kill sessions via webapp when using mod_jk cluster

Port 80 somehow got blocked. Cannot visit any http websites.

network shared printers

Deployment problem can somebody help me please.

RDP printing and terminal services 2000 server