timberdoodle
We have both a Comcast and Verizon connection at our school. They are going into a Sonicwall NSA5500. The configuration is such that if the primary - Comcast - fails, then the secondary - Verizon - will pick up the internet traffic. The issue we are having is with local Verizon customers. When we got our IP address from Verizon it was a /24 subnet with a gateway starting at .1.
I thought this was strange as every other time I have gotten a block of static IP addresses from an ISP it has been a /29 or /28 at the most. But the ISP confirmed that this is what we were supposed to get and it should not cause problems.
A local business we deal with happens to be on our subnet with the same next-hop gateway. When I perform a traceroute to them, the traffic goes directly out the Verizon WAN interface to our common gateway, then to the local business. This, all while the Comcast interface is our dedicated primary for all traffic.
I spoke with Sonicwall and they explained that the firewall is simply taking the most efficient path, which makes sense to me in some regard, but it is still confusing why it would use the interface when policy says it is a failover.
Now, this local business tries to send us email with their on-premises Exchange - we also have Exchange. The emails will sit in their queue indefinitely and ultimately fail to reach us. If I disable the Verizon interface the emails come in perfectly fine - even some in their queue will immediately come through once I disable it. I thought this was a DNS issue but it is not, or at least our DNS is all configured correctly, as we have no other problems with email. Our MX records utilize the static IPs from Comcast - nothing is using our static Verizon addresses.
Anyone have thoughts?
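As an added illustration (not the poster's configuration or any SonicWall code), here is the route-selection logic that explains the traceroute: a /24 handed to the firewall becomes a connected route, which is more specific than the default route the failover policy controls, so anything in that /24 leaves via Verizon even while Comcast is primary. The same function shows why the neighbour's SMTP session is asymmetric (arrives on the Comcast MX address, replies leave on Verizon), which is the kind of flow a stateful firewall drops. All addresses are constructed RFC 5737 documentation values, not the school's real IPs.

```python
import ipaddress

# Constructed documentation-range addresses (RFC 5737); not the school's real IPs.
WAN_IFACES = {
    "X1_comcast": ipaddress.ip_interface("198.51.100.10/29"),  # primary; MX points here
    "X2_verizon": ipaddress.ip_interface("203.0.113.50/24"),   # failover; unusually large /24
}
PRIMARY = "X1_comcast"


def build_routing_table(ifaces, primary):
    """One connected route per WAN subnet plus a default route via the primary.
    The failover policy only decides who owns the default route; connected
    routes exist as soon as the interface is up, failover or not."""
    table = [(iface.network, name, "connected") for name, iface in ifaces.items()]
    table.append((ipaddress.ip_network("0.0.0.0/0"), primary, "default"))
    return table


def select_route(table, dst):
    """Longest-prefix match: the most specific matching network always wins."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen)


def egress_for(dst, ifaces=WAN_IFACES, primary=PRIMARY):
    """Name of the WAN interface our packets to dst leave on."""
    return select_route(build_routing_table(ifaces, primary), dst)[1]


def inbound_is_asymmetric(remote_ip, local_ip, ifaces=WAN_IFACES, primary=PRIMARY):
    """True when a session arriving on one WAN (the address the remote host
    connected to) would have its replies routed out a different WAN. A stateful
    firewall or NAT typically drops such replies, so the remote mail server
    sees a half-open or reset session and keeps the message queued."""
    arrival = next(n for n, i in ifaces.items() if i.ip == ipaddress.ip_address(local_ip))
    return arrival != egress_for(remote_ip, ifaces, primary)


if __name__ == "__main__":
    neighbour, elsewhere, our_mx = "203.0.113.77", "192.0.2.25", "198.51.100.10"
    print("traceroute to neighbour leaves via:", egress_for(neighbour))   # X2_verizon
    print("traceroute to elsewhere leaves via:", egress_for(elsewhere))   # X1_comcast
    print("neighbour SMTP to our MX asymmetric:", inbound_is_asymmetric(neighbour, our_mx))
    print("other sender SMTP to our MX asymmetric:", inbound_is_asymmetric(elsewhere, our_mx))
```

Disabling the Verizon interface removes the connected /24 route, which is why the queued mail flows the moment the poster shuts it down; a policy-based route forcing that /24 out Comcast, or NAT with a sticky egress, is the usual fix to verify with the vendor.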