FW HA Failover Seems to Have ISP Preference

MarcW
Here to help

I chose switching since this is where we are seeing it. We have 2 ISPs. They both hit the 8 port switch, which then hits each of the FWs (primary and spare).

If we fail ISP #1, the network stays up, but the switch reports as down. How do I make the switch follow the other ISP as the primary?

alemabrahao
Kind of a big deal

Theoretically this is supposed to be automatic. Do you have any traffic routing rules (Flow Preferences)?

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MarcW
Here to help

No routing settings.

ww
Kind of a big deal

You could give the switch a private address from the firewall LAN side.

Check out the slide deck shared in this post

https://community.meraki.com/t5/Security-SD-WAN/How-to-turn-MS120-into-WAN-breakout-for-2-ISPs-and-2...

MarcW
Here to help

I will look into this. I may have a completely different ISP setup when we move to the actual location and this will change how I can offer IPs to the switch and MXs.

Ryan_Miles
Meraki Employee

Is your 8 port switch doing WAN breakout like shown in my diagram?

https://docs.google.com/presentation/d/1xsb8imtUFjN13so86kIZ04IR9f6WEKdbpUrYVON64Zg/edit#slide=id.g1...

And if yes, is the mgmt VLAN of the switch coming from the LAN side of the MXs?

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal

It will fail over, but it will take MUCH longer. Around 5 minutes.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...

MarcW
Here to help

My install is next week, so unless there's a time limit, I am going to keep this open. 
