Figure 4.3. A Route Failover Scenario for ISP Access
Setting Up Route Failover
To set up route failover, Route Monitoring must be enabled and this is an option that is enabled on a
route by route basis. To enable route failover in a scenario with a preferred and a backup route, the
preferred route will have route monitoring enabled, however the backup route does not require this
since it will usually have no route to failover to. When route monitoring is enabled for a route, one
of the following monitoring methods must be chosen:
Interface Link Status
NetDefendOS will monitor the link status of the interface
specified in the route. As long as the interface is up, the route is
diagnosed as healthy. This method is appropriate for monitoring
that the interface is physically attached and that the cabling is
working as expected. As any changes to the link status are
instantly noticed, this method provides the fastest response to
failure.
Gateway Monitoring
If a specific gateway has been specified as the next hop for a
route, accessibility to that gateway can be monitored by sending
periodic ARP requests. As long as the gateway responds to these
requests, the route is considered to be functioning correctly.
Automatically Added Routes Need Redefining
It is important to note that the route monitoring cannot be enabled on automatically added routes.
For example, the routes that NetDefendOS creates at initial startup for physical interfaces are
automatically added routes. The reason why monitoring cannot be enabled for these routes is
because automatically created routes have a special status in an NetDefendOS configuration and are
treated differently.
If route monitoring is required on an automatically created route, the route should first be deleted
and then recreated manually as a new route. Monitoring can then be enabled on the new route.
Setting the Route Metric
When specifying routes, the administrator should manually set a route's Metric. The metric is a
positive integer that indicates how preferred the route is as a means to reach its destination. When
two routes offer a means to reach the same destination, NetDefendOS will select the one with the
4.2.3. Route Failover
Chapter 4. Routing
157
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...