Meraki

Community

FW HA Failover Seems to Have ISP Preference

MarcW
Here to help
‎Jul 2 2024 10:21 AM
‎Jul 2 2024 10:21 AM

FW HA Failover Seems to Have ISP Preference

I chose switching since this is where we are seeing it.  We have 2 ISP's.  They both hit the 8 port switch which then hits each of the FW's (primary and spare). 

 

If we fail ISP #1, the network stays up, but the switch reports as down.  How do I make the switch follow the other ISP as the primary? 

 

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
‎Jul 2 2024 10:25 AM
‎Jul 2 2024 10:25 AM

Theoretically this is supposed to be automatic. Do you have any traffic routing rules (Flow Preferences)?

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
MarcW
Here to help
‎Jul 3 2024 3:10 PM
‎Jul 3 2024 3:10 PM

No routing settings.

0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Jul 2 2024 10:44 AM
‎Jul 2 2024 10:44 AM

You could give the switch a private address from the firewall lan side

Check out the slide deck shared in this post

https://community.meraki.com/t5/Security-SD-WAN/How-to-turn-MS120-into-WAN-breakout-for-2-ISPs-and-2...

In response to ww
MarcW
Here to help
‎Jul 3 2024 3:11 PM
‎Jul 3 2024 3:11 PM

I will look into this.  I may have a completely different ISP setup when we move to the actual location and this will change how I can offer IP's to the switch and MX's. 

0 Kudos
Ryan_Miles
Meraki Employee
Meraki Employee
‎Jul 2 2024 10:47 AM
‎Jul 2 2024 10:47 AM

Is your 8 port switch doing WAN breakout like shown in my diagram?

 

https://docs.google.com/presentation/d/1xsb8imtUFjN13so86kIZ04IR9f6WEKdbpUrYVON64Zg/edit#slide=id.g1... 

 

And if yes, is the mgmt VLAN of the switch coming from the LAN side of the MXs?

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 3 2024 3:48 AM
‎Jul 3 2024 3:48 AM

It will failover - but it will take MUCH longer.  Around 5 minutes.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...

 

0 Kudos
MarcW
Here to help
‎Jul 3 2024 3:47 PM
‎Jul 3 2024 3:47 PM

My install is next week, so unless there's a time limit, I am going to keep this open. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.