About Using Multiple External Interfaces
You can use your XTM device to create redundant support for the external interface. This is a helpful option if you must have a constant Internet connection.
With the multi-WAN feature, you can configure multiple external interfaces, each on a different subnet. This allows you to connect your XTM device to more than one Internet Service Provider (ISP). When you configure a second interface, the multi-WAN feature is automatically enabled.
Multi-WAN Requirements and Conditions
You must have a second Internet connection and more than one external interface to use most multi-WAN configuration options.
Conditions and requirements for multi-WAN use include:
- If you have a policy configured with an individual external interface alias in its configuration, you must change the configuration to use the alias Any-External, or another alias you configure for external interfaces. If you do not do this, some traffic could be denied by your firewall policies.
- Multi-WAN settings do not apply to incoming traffic. When you configure a policy for inbound traffic, you can ignore all multi-WAN settings.
- To override the multi-WAN configuration in any individual policy, enable policy-based routing for that policy. For more information on policy-based routing, see Configure Policy-Based Routing.
- Map your company’s Fully Qualified Domain Name to the external interface IP address of the lowest order. If you add a multi-WAN XTM device to your Management Server configuration, you must use the lowest-ordered external interface to identify it when you add the device.
- To use multi-WAN, you must use mixed routing mode for your network configuration. This feature does not operate in drop-in or bridge mode network configurations.
- To use the Interface Overflow method, you must have Fireware XTM with a Pro upgrade. You must also have a Fireware XTM Pro license if you use the Round-robin method and configure different weights for the XTM device external interfaces.
- To use multi-WAN options except modem failover on an XTM 2 Series device, you must have Fireware XTM with a Pro upgrade.
You can use one of four multi-WAN configuration options to manage your network traffic.
For more information on each option, see About Multi-WAN Options.
When you enable multi-WAN, the XTM device monitors the status of each external interface. Make sure that you define a link monitor host for each interface. We recommend that you configure two link targets for each interface.
For more information, see About WAN Interface Status.
Multi-WAN and DNS
Make sure that your DNS server can be reached through every WAN. Otherwise, you must modify your DNS policies such that:
- The From list includes Firebox.
- The Use policy-based routing check box is selected.
If only one WAN can reach the DNS server, select that interface in the adjacent drop-down list.
If more than one WAN can reach the DNS server, select any one of them, select Failover, select Configure, and select all the interfaces that can reach the DNS server. The order does not matter.
You must have Fireware XTM with a Pro upgrade to use policy-based routing.