How do I configure Multi-WAN with Fireware Pro?
Configuring Multi-WAN with Fireware Pro is very easy, but there are things to be mindful of.
Multi-WAN offers only two modes: Failover or Round Robin. Failover mode uses the second WAN only when the primary fails. Round Robin balances the outgoing traffic evenly. If you choose Round Robin, you can port forward incoming traffic from each WAN connection to the same server, and the Firebox will return that traffic through the appropriate connection.
Note: IPSec traffic will ALWAYS use the primary WAN and not balance between the connections for your tunnels.
Also keep in mind that SMTP can’t be set to use only one connection. Once you set this up, your domain must have an MX record for each WAN connection, created with your DNS provider, so that mail sent from either WAN connection will be accepted if a reverse lookup is done on the SMTP connection.
Configure the Firebox using the Quick Setup Wizard and only declare the primary WAN connection. Once complete, verify function before going on to configure the second WAN connection.
Once you have verified connectivity with the primary WAN you can proceed.
Using the WatchGuard System Manager, select “Connect to Device” and enter the trusted IP of your Firebox and its read-only passphrase.
After the device is shown in the WatchGuard System Manager display, select the device and click the “Policy Manager” icon.
Policy Manager will open showing you the policies as in the screen displayed below.
Select Network > Configuration.
In this example, the primary WAN has already been configured with an IP of 64.30.5.2/24 with a default gateway of 64.30.5.1
The trusted interface has been configured as 172.30.0.1/24
The second WAN connection will be added to interface 2, which is currently configured as the optional interface and has its default settings.
Click Interface 2 to highlight it and select “Configure”.
Change the settings to be a valid IP, mask, and gateway as given by your internet provider, and rename the interface.
In this example, the secondary WAN internet connection is 24.111.1.2/24 with a gateway of 24.111.1.1
Note: Verify that the secondary WAN connection works before configuring the Firebox. Connect a laptop or other PC directly to the secondary internet connection, using the same IP, mask, and gateway you are going to enter in the Firebox interface. Don’t take the ISP’s word that they have configured your line and provided you with the correct IP information. Verify it yourself first to avoid problems.
After entering the appropriate data, click OK.
Now you will see the option to select Failover or Round Robin.
Leave it checked on “Round Robin” and click OK.
At this point you can save the configuration to the Firebox and outgoing traffic will be balanced between the connections.
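Before entering the ISP-supplied settings in Policy Manager, the addressing plan itself can be checked for consistency. The following is an added example, not part of the original page or of any WatchGuard tool; the function name `check_plan` is hypothetical, and the addresses are the ones used in the example above.

```python
import ipaddress

def check_plan(interfaces):
    """Return a list of problems in an addressing plan.

    interfaces maps a label to (address/prefix, default gateway or None).
    """
    problems, nets = [], {}
    for name, (cidr, gateway) in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        net = nets[name] = iface.network
        # /31 and /32 have no separate network/broadcast addresses to avoid.
        reserved = ()
        if net.prefixlen < 31:
            reserved = (net.network_address, net.broadcast_address)
        if iface.ip in reserved:
            problems.append(f"{name}: {iface.ip} is the network or broadcast address of {net}")
        if gateway is None:
            continue  # internal interfaces carry no default gateway
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"{name}: gateway {gw} is outside {net}")
        elif gw == iface.ip:
            problems.append(f"{name}: gateway {gw} equals the interface address")
        elif gw in reserved:
            problems.append(f"{name}: gateway {gw} is the network or broadcast address of {net}")
    # Two interfaces on overlapping subnets make routing ambiguous.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems

# Addresses taken from the example on this page.
PAGE_PLAN = {
    "primary WAN": ("64.30.5.2/24", "64.30.5.1"),
    "secondary WAN": ("24.111.1.2/24", "24.111.1.1"),
    "trusted": ("172.30.0.1/24", None),
}

if __name__ == "__main__":
    for line in check_plan(PAGE_PLAN) or ["plan is consistent"]:
        print(line)
```

A clean result only shows the values are self-consistent; it does not replace the direct laptop test of the secondary line described in the note above.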