Multiple Internet link NGAF

KengFee Lv1Posted 15 Sep 2023 10:40

If I want to connect one additional internet link for the Firewall as a failover or backup when the primary line is down. Would like to know is there any things I should take note and is there any guide or notes I can refer to ?

Newbie517762 has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Is this answer helpful?
mdamores Posted 20 Sep 2023 11:14
  
Best practice during deployment is to setup a failover or backup internet link for firewall to ensure high availability and minimize downtime. Below are some steps to consider when setting up backup internet link or failover
1.        Check if your existing firewall supports multiple WAN interfaces
2.        Decide which among the ISPs will be your primary and secondary internet connection
3.        Choose between active/passive or load balancing fail over criteria
­        Load balancing – distributes traffic across both links to optimize bandwidth usage
­        Active / Passive – one is a standby that becomes passive when the primary ISP failed
4.        Depending on the model of your firewall, you need to configure WAN interface settings for both primary and secondary links based on but not limited to the following:
­        Routing (static or dynamic)
­        Failover triggers
­        NAT
5.        It is also best to deploy monitoring tools where you can be notified when the primary and/or secondary links goes down or failover happened. This can be configured thru SNMP or other 3rd party monitoring tools
Zonger Lv5Posted 19 Sep 2023 16:53
  
Acquire a secondary internet connection from a different ISP or network provider.
Physically connect the secondary internet link to your firewall device.
Access your firewall's management interface and configure failover settings. This typically involves specifying the primary and secondary (backup) internet connections and setting up rules for automatic failover.
engineer_baz Lv1Posted 19 Sep 2023 11:51
  
A Sangfor NGAF device can be used to connect to multiple Internet links. This can be useful for load balancing traffic across multiple links, or for providing redundancy in case one link fails.

To connect a Sangfor NGAF device to multiple Internet links, you must configure the NGAF device to use a gateway group. A gateway group is a collection of IP addresses that the NGAF device will use to route traffic to the Internet.

Once you have configured a gateway group, you can assign the NGAF device's WAN interface to the gateway group. This will allow the NGAF device to route traffic to the Internet using any of the IP addresses in the gateway group.
jerome_itable Lv3Posted 18 Sep 2023 17:14
  
Yes, there are a few things you should take note of when connecting an additional internet link for your Sangfor firewall as a failover or backup:

    Make sure that both internet links are using different IP addresses and subnets.
    Configure your firewall to monitor the status of both internet links.
    Configure your firewall to failover to the secondary internet link if the primary link goes down.
    Test your failover configuration to make sure that it is working properly.

Here are some Sangfor guides and notes that you can refer to:

    WAN Failover on NGAF Firewall: https://community.sangfor.com/fo ... wthread&tid=968
    WOC User Manual: https://www.sangfor.com/sites/de ... r%20Manual%20v9.pdf
Gomu Lv2Posted 18 Sep 2023 13:24
  
Verify that your firewall is capable of handling numerous internet connections.
Discuss the secondary link and IP addresses with your ISPs.
Select an active-passive or load balancing technique for your failover plan.
Routing, NAT, and failover triggers should be configured on the firewall.
Noah19 Lv3Posted 18 Sep 2023 13:21
  
Consider the bandwidth needed to fulfill the need of the network
Consider also the filtering methods
Natsu Dragneel Lv3Posted 18 Sep 2023 13:18
  
You must consider the ISPs
Network Bandwidth
Configuration especially routing protocols and redundancy
VanFlyheights Lv3Posted 18 Sep 2023 13:14
  
Make sure that the additional internet link has sufficient bandwidth to handle the traffic in case of a failover.
Tatam Lv2Posted 18 Sep 2023 13:13
  
Check the Hardware and also the speed of ISP
Check also the configuration
PrincesDivad Lv2Posted 18 Sep 2023 13:11
  
Consider a SDWAN Firewall

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders