Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FW HA Failover Seems to Have ISP Preference

MarcW
Comes here often
Tuesday
Tuesday

FW HA Failover Seems to Have ISP Preference

I chose switching since this is where we are seeing it.  We have 2 ISP's.  They both hit the 8 port switch which then hits each of the FW's (primary and spare). 

 

If we fail ISP #1, the network stays up, but the switch reports as down.  How do I make the switch follow the other ISP as the primary? 

 

0 Kudos
Subscribe
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

Theoretically this is supposed to be automatic. Do you have any traffic routing rules (Flow Preferences)?

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
MarcW
Comes here often
yesterday
yesterday

No routing settings.

0 Kudos
Subscribe
ww
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

You could give the switch a private address from the firewall lan side

Check out the slide deck shared in this post

https://community.meraki.com/t5/Security-SD-WAN/How-to-turn-MS120-into-WAN-breakout-for-2-ISPs-and-2...

Subscribe
In response to ww
MarcW
Comes here often
yesterday
yesterday

I will look into this.  I may have a completely different ISP setup when we move to the actual location and this will change how I can offer IP's to the switch and MX's. 

0 Kudos
Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
Tuesday
Tuesday

Is your 8 port switch doing WAN breakout like shown in my diagram?

 

https://docs.google.com/presentation/d/1xsb8imtUFjN13so86kIZ04IR9f6WEKdbpUrYVON64Zg/edit#slide=id.g1... 

 

And if yes, is the mgmt VLAN of the switch coming from the LAN side of the MXs?

Ryan / Meraki Solutions Engineer

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

It will failover - but it will take MUCH longer.  Around 5 minutes.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...

 

0 Kudos
Subscribe
MarcW
Comes here often
yesterday
yesterday

My install is next week, so unless there's a time limit, I am going to keep this open. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.