
Customer needs to add a 3rd ISP link on the AR gateway but has no available ports on the AR, so the additional ISP link is added on the firewall

Publication Date: 2018-02-14
Issue Description

The customer needs to add a 3rd ISP link on the AR gateway but has no available ports on the AR, so the 3rd ISP link must be added on the firewall so that a specific subnet of his WLAN network gets access through the new ISP link. Accordingly, we added configuration on the FW to allow one subnet of WLAN users to use this new ISP link on the firewall.

Alarm Information

None

Handling Process

1- Check the configuration on all downstream devices of the FW to confirm that the WLAN subnet 172.15.41.0/24 (VLAN 41) can reach the firewall normally.

Root Cause

New Solution

Solution

1.      Configure the interface that connects to ISP 3;

2.      Configure the NAT policy;

3.      Configure the PBR.

X.X.X.X is the ISP IP address for the FW side, which you obtain from the service provider.

Y.Y.Y.Y is the ISP next-hop IP address on the service provider side.

Interface GigabitEthernet1/0/8 is one of the free interfaces on the FW; I used it in a simulation as the interface that will connect to the 3rd ISP link.

 

interface GigabitEthernet1/0/8
 undo shutdown
 ip address x.x.x.x 255.255.255.0
#
firewall zone untrust
 add interface GigabitEthernet1/0/8
#
nat-policy
 rule name policy_nat1
  source-zone trust
  destination-zone untrust
  source-address 172.15.41.0 24
  action nat easy-ip
#
ip-link check enable
ip-link name pbr_1
 destination y.y.y.y interface GigabitEthernet 1/0/8
#
policy-based-route
 rule name pbr_1
  description pbr_1
  source-zone trust
  source-address 172.15.41.0 24
  track ip-link pbr_1
  action pbr next-hop y.y.y.y
#
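The NAT policy, the ip-link probe and the PBR rule above only work together if they name the same subnet, the same next hop and the same ip-link. The following Python check is an added example, not part of the original case or of any Huawei tool; the function names and the sample address 203.0.113.1 are assumptions, and the sample is trimmed to the lines the checks read.

```python
import ipaddress
import re

# Constructed sample; 203.0.113.1 (documentation range) stands in for y.y.y.y.
SAMPLE = """\
nat-policy
 rule name policy_nat1
  source-address 172.15.41.0 24
  action nat easy-ip
#
ip-link name pbr_1
 destination 203.0.113.1 interface GigabitEthernet 1/0/8
#
policy-based-route
 rule name pbr_1
  source-address 172.15.41.0 24
  track ip-link pbr_1
  action pbr next-hop 203.0.113.1
"""

def block(cfg, header):
    """Stripped lines of the '#'-delimited section that contains header."""
    for chunk in re.split(r"(?m)^[ \t]*#[ \t]*$", cfg):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if any(l.startswith(header) for l in lines):
            return lines
    return []

def nets(lines):
    """Networks named by 'source-address <ip> <masklen>' lines."""
    found = re.findall(r"(?m)^source-address (\S+) (\d+)$", "\n".join(lines))
    return [ipaddress.ip_network(f"{ip}/{ln}") for ip, ln in found]

def first(lines, pattern):
    """First capture group of pattern found in lines, or None."""
    return next((m[1] for l in lines if (m := re.search(pattern, l))), None)

def audit(cfg):
    """Findings list; empty when PBR sources are NATed and ip-link matches."""
    nat, link, pbr = (block(cfg, h) for h in
                      ("nat-policy", "ip-link name", "policy-based-route"))
    out = [f"PBR source {n} is not covered by a NAT rule" for n in nets(pbr)
           if not any(n.subnet_of(t) for t in nets(nat))]
    hop, probe = first(pbr, r"next-hop (\S+)"), first(link, r"^destination (\S+)")
    if hop != probe:  # probing another address defeats the health check
        out.append(f"ip-link probes {probe} but PBR next-hop is {hop}")
    if first(pbr, r"^track ip-link (\S+)") != first(link, r"^ip-link name (\S+)"):
        out.append("PBR rule does not track the configured ip-link")
    return out
```

Run `audit()` on the saved configuration text after each change; an empty list means the three sections still agree.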

 

Suggestions

1- First check the configuration of the specific subnet and VLAN for the users on the access controller.

2- Check on the users' DHCP server device (the core switch in our example) that the subnet and the VLAN configuration are correct.

3- Configure PBR to match the source subnet requirements as described in the full solution.
